CoreOP Privacy Policy
Last Updated: May 6, 2026
This Privacy Policy ("Policy") explains how Aviluxe Aviation LLC, a Texas limited liability company doing business as CoreOP ("CoreOP," "we," "our," or "us"), collects, uses, discloses, and protects information in connection with our websites at coreop.io and any subdomains (the "Websites"); our vendor management software, mobile applications, and crew tools (collectively, the "Services"); and other interactions you have with us.
This Policy applies when CoreOP acts as the controller of your information — that is, when we determine the purposes and means of processing.
When CoreOP processes information about an end customer, aircraft owner, crew member, or other individual on behalf of a vendor that subscribes to the Services (each such vendor, a "Vendor"), the Vendor is the controller and CoreOP acts as the processor under the Vendor's instructions and our agreement with the Vendor. In those cases, the Vendor's privacy policy governs, and CoreOP's obligations are defined in our subscription agreement and Data Protection Addendum. If you are an end customer, aircraft owner, or crew member dealing with a CoreOP Vendor, please contact that Vendor directly with privacy questions about your data. The "Notice to End Users of CoreOP Vendors" section below has more.
PLEASE READ THIS POLICY CAREFULLY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICES.
Quick Index
- Information We Collect
- How We Use Information
- How We Share Information
- Cookies, Analytics, and Online Advertising
- AI and Automated Processing
- Security, Retention, and International Transfers
- Your Rights and Choices
- Notice to Texas Residents
- Notice to California Residents
- Notice to Residents of Other States with Privacy Laws
- Notice to End Users of CoreOP Vendors
- Children's Privacy
- Third-Party Sites and Integrations
- Changes to This Policy
- Contact Us
1. Information We Collect
We collect information directly from you, automatically through your use of the Services, and from other sources.
Information You Provide Directly
When you register for, configure, or use the Services, we collect information you submit, including:
- Contact and identity information such as your name, business name, email address, postal address, and phone number.
- Account credentials such as usernames, passwords, and two-factor authentication tokens.
- Business and employment information such as your role, business type, service area, fleet size, and aircraft inventory.
- Payment information processed by our third-party payment processor (Stripe). CoreOP receives limited payment metadata such as transaction IDs, last four digits of card numbers, and authorization status; we do not store full card numbers or bank account details.
- Subscription information such as your plan, seat count, billing history, and add-on usage.
- Vendor configuration data such as service catalogs, pricing, branding assets, document templates, and integration credentials.
- Customer and aircraft records that you upload or import, including aircraft tail numbers, ownership records, service history, and notes.
- Communications such as support tickets, sales inquiries, chat messages, call recordings (where permitted and disclosed), survey responses, and feedback.
- Photographs and media uploaded to the Services, including before-and-after job photos and aircraft condition documentation.
Information We Collect Automatically
When you use the Services, we and our service providers collect information automatically, including:
- Device and usage information such as IP address, browser type and language, operating system, device identifiers, referring and exit pages, pages and features viewed, time spent, click events, and error logs.
- Approximate location derived from your IP address.
- Precise geolocation, where you or your Vendor has enabled location features (for example, crew GPS check-in at a job site). Precise location is only collected when the Service is in active use and the device permits it. You can disable location at the device level at any time.
- Cookies, pixels, local storage, and similar technologies, as described in our Cookie Policy.
Information from Other Sources
We may receive information about you from:
- Our affiliates and service providers (for example, Stripe sends payment status; Supabase provides authentication metadata).
- Identity and fraud prevention partners.
- Marketing and lead-generation partners and data enrichment providers.
- Public sources such as company websites, business registries, social media profiles, and aviation registries (for example, FAA tail number lookups).
- Third-party platforms when you interact with us through them — for example, when you "like" or comment on a CoreOP post on LinkedIn, click a CoreOP ad, or sign in using Google.
We use information from these sources to verify, supplement, and improve the data we collect directly, and for the purposes described below.
2. How We Use Information
We use information for the following purposes:
- To provide, operate, maintain, and secure the Services.
- To create and manage your account, authenticate access, and enable two-factor authentication.
- To process payments, manage subscriptions, calculate platform fees, and issue refunds.
- To enable Vendors to operate their businesses on the Services, including managing their customers, scheduling crews, generating quotes and invoices, processing payments, and tracking job execution.
- To enable crew members to receive job assignments and complete work in the field.
- To enable end customers to view quotes, approve work, view invoices, and pay.
- To respond to your inquiries and provide support.
- To send transactional communications about your account, billing, security, the Services, and changes to our policies.
- To send marketing communications about CoreOP products, features, pricing, and events, where permitted by law and subject to your communication preferences.
- To analyze and improve the Services, develop new features, and conduct research.
- To train and improve our Services using aggregated and de-identified information, and to operate AI features as described in Section 5.
- To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service or Acceptable Use Policy.
- To comply with legal obligations, respond to lawful requests, and exercise or defend our legal rights.
- For any other purpose with your consent or at your direction.
Aggregated and De-Identified Data
We may aggregate or de-identify information so that it no longer reasonably identifies you or any individual. We may use and disclose aggregated or de-identified data for any lawful purpose, including benchmarking, research, product development, and marketing. We do not attempt to re-identify de-identified data and we contractually prohibit recipients from doing so.
Legal Bases (for users in jurisdictions that require them)
Where required by law, we rely on the following legal bases:
- Contract — to provide the Services and fulfill our agreements with you.
- Legitimate interests — to operate, secure, and improve the Services; to market our products to business contacts; and to prevent fraud and abuse, where those interests are not overridden by your rights.
- Legal obligation — to comply with applicable law, regulation, and legal process.
- Consent — where required, for example for certain marketing communications, cookies, and processing of sensitive information.
3. How We Share Information
We share information in the following circumstances:
- Within Aviluxe Aviation LLC and its current and future affiliates.
- With Vendors and their authorized users, where you are an end customer, crew member, or other person whose information was provided through a Vendor's account. The Vendor controls who in their organization can access that information.
- With service providers and subprocessors that perform services on our behalf — including hosting, infrastructure, payments, communications, analytics, customer support, security, and AI processing. These providers are bound by contract to protect your information and use it only for the services they provide to us. A current list is available on request by emailing support@coreop.io.
- With integration partners and third-party services that you or your Vendor connects to the Services (for example, Google Calendar, QuickBooks Online, FlightAware, weather APIs, marketing platforms, and social media platforms). When you authorize an integration, we share the information necessary for the integration to work.
- With our payment processor, Stripe, to process payments, manage Stripe Connect accounts, and comply with payment regulations. Stripe's handling of your information is governed by Stripe's privacy policy.
- In connection with a corporate transaction such as a financing, merger, acquisition, sale of assets, reorganization, or insolvency proceeding, including for due diligence.
- For legal and safety reasons, when we believe in good faith that disclosure is necessary or appropriate to comply with law, lawful requests, or legal process; to enforce our agreements; to protect the rights, property, safety, or security of CoreOP, our users, or others; or to detect, investigate, or prevent fraud or abuse.
- With your consent or at your direction, including when you choose to make information public or share it with third parties.
We do not sell your personal information for money. Some uses of advertising and analytics cookies may qualify as a "sale" or "sharing" under certain state privacy laws; see Sections 8, 9, and 10 for how to opt out.
4. Cookies, Analytics, and Online Advertising
We and our service providers use cookies, pixels, software development kits, and similar technologies to operate the Services, remember your preferences, analyze usage, and (on our Websites) to deliver relevant marketing. For details about the specific cookies we use, the categories they fall into, and how to control them, see our Cookie Policy at coreop.io/legal/cookies.
We honor Global Privacy Control (GPC) and similar legally recognized browser-based opt-out signals for users in jurisdictions where the law requires recognition of those signals.
5. AI and Automated Processing
The Services include features that use artificial intelligence, machine learning, and large language models, including third-party models accessed through providers such as Anthropic and xAI (collectively, "AI Features"). AI Features may be used to generate quote suggestions, draft messages, summarize calls and notes, recommend pricing, draft marketing content, and assist customer support.
When you or a Vendor uses AI Features, the inputs (including any personal information in those inputs) and outputs are processed by us and by the relevant AI provider as our subprocessor. AI providers are contractually prohibited from using your inputs or outputs to train their general models, except as expressly permitted in our agreements.
AI outputs may contain errors, omissions, or inaccuracies, and you are responsible for reviewing AI-generated content before relying on it or sharing it with third parties. We make no representation that AI Features will produce any particular result.
We do not use AI Features to make decisions that produce legal or similarly significant effects about you without human involvement.
6. Security, Retention, and International Transfers
Security
We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit and at rest, role-based access controls, multi-factor authentication for administrative access, tenant isolation through row-level security, logging and monitoring, and regular security reviews. For more, see our Security page at coreop.io/security.
No system is perfectly secure, and we cannot guarantee the security of any information you transmit to us. You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.
Retention
We retain personal information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or de-identify it, except where retention is required by law or where the information is held in routine backups that are eventually overwritten.
If your subscription is terminated, see the Terms of Service for our data export and deletion timelines.
International Transfers
CoreOP is based in the United States and processes information in the United States. We may also process information in other countries where our service providers operate. If you access or use the Services from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States and other jurisdictions, which may have data protection laws that differ from those of your country. Where required, we implement appropriate safeguards (such as standard contractual clauses) for international transfers.
7. Your Rights and Choices
Marketing Communications
You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by emailing support@coreop.io. You can opt out of marketing texts by replying STOP to the message. We may continue to send you transactional and account communications regardless of your marketing preferences.
Account Information
You can update most account information by signing in to the Services. If you need help, contact your Vendor account administrator (if applicable) or support@coreop.io.
Privacy Rights Under State Laws
Depending on where you live, you may have rights to:
- Confirm whether we process your personal information.
- Access a copy of the personal information we hold about you.
- Correct inaccurate personal information.
- Delete personal information we hold about you.
- Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.
- Opt out of profiling that produces legal or similarly significant effects.
- Limit the use of sensitive personal information (where applicable).
- Appeal a denial of a privacy request (where applicable).
To exercise these rights, email support@coreop.io with the subject line "Privacy Request" or visit coreop.io/legal/privacy-request. We will verify your identity before responding, typically by confirming details associated with your account. If we cannot verify your identity, we may be unable to fulfill your request.
You may use an authorized agent to submit a request on your behalf. We will require proof of the agent's authority and may verify the request directly with you.
We will not discriminate against you for exercising your privacy rights.
8. Notice to Texas Residents
The Texas Data Privacy and Security Act (TDPSA) gives Texas residents the rights described in Section 7. To exercise those rights, email support@coreop.io. If we deny your request, you may appeal by replying to our denial with the subject line "Privacy Request Appeal." If we deny your appeal, you may contact the Texas Attorney General at https://www.texasattorneygeneral.gov/.
We do not knowingly process the sensitive personal data of Texas residents without consent, and we do not sell sensitive personal data.
If we engage in "targeted advertising" or "sale" of personal data as those terms are defined under the TDPSA, we provide a means to opt out at coreop.io/legal/privacy-request and we honor the Global Privacy Control browser signal.
9. Notice to California Residents
This section applies to California residents and is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA").
Categories of Personal Information We Collect, Disclose, and "Share" or "Sell"
In the past 12 months we have collected the following categories of personal information, as defined by the CCPA:
| Category | Collected | Disclosed for a Business Purpose | "Sold" or "Shared" |
|---|---|---|---|
| Identifiers (name, email, phone, IP address, account identifiers) | Yes | Service providers; affiliates; integration partners; Vendors; legal recipients | Advertising and analytics partners (cookies) |
| Commercial information (subscription, transaction, and purchase records) | Yes | Service providers; affiliates; legal recipients | No |
| Internet activity (browsing on our Websites, interactions with the Services) | Yes | Service providers; analytics partners | Advertising and analytics partners (cookies) |
| Geolocation (approximate from IP; precise from device when enabled) | Yes | Service providers; Vendors | No |
| Audio, electronic, and visual information (call recordings where permitted; uploaded photos) | Yes | Service providers; Vendors; legal recipients | No |
| Professional or employment information | Yes | Service providers; affiliates; Vendors | Advertising partners (cookies) |
| Inferences (preferences, characteristics) | Yes | Service providers; affiliates | Advertising partners (cookies) |
| Sensitive personal information (account credentials; precise geolocation when enabled) | Yes | Service providers; Vendors | No |
Sources, Purposes, and Retention
The sources of personal information are described in Section 1, the purposes for which we use personal information are described in Section 2, and the categories of recipients are described in Section 3. We retain personal information as described in Section 6.
Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes other than those allowed by the CCPA without offering a right to limit. Specifically, we use sensitive personal information only to provide the Services, secure them, prevent fraud and abuse, and comply with law.
Your CCPA Rights
You have the right to:
- Know what personal information we collect, use, disclose, "sell," and "share."
- Access a copy of your personal information.
- Correct inaccurate personal information.
- Delete personal information.
- Opt out of "sale" and "sharing" for cross-context behavioral advertising.
- Limit the use of sensitive personal information (we already limit such use as described above; no further action is required).
- Not receive discriminatory treatment for exercising your rights.
To exercise these rights, email support@coreop.io with the subject line "California Privacy Request" or visit coreop.io/legal/privacy-request. To opt out of "sale" or "sharing" for cross-context behavioral advertising specifically, click "Your Privacy Choices" in the Website footer or set the Global Privacy Control signal in your browser.
You may designate an authorized agent to submit requests on your behalf as described in Section 7.
Shine the Light
We do not disclose personal information to third parties for their own direct marketing purposes within the meaning of California Civil Code § 1798.83.
Notice of Financial Incentives
We do not currently offer financial incentives in exchange for personal information.
10. Notice to Residents of Other States with Privacy Laws
If you reside in Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Utah, Virginia, or another U.S. state with a comprehensive consumer privacy law, you may have rights similar to those described in Sections 7 and 9. To exercise those rights, email support@coreop.io or visit coreop.io/legal/privacy-request.
We honor the Global Privacy Control browser signal in jurisdictions that legally require recognition of universal opt-out mechanisms.
If we deny your request, you may appeal by replying to our denial with the subject line "Privacy Request Appeal." If your appeal is denied, you may contact your state attorney general.
11. Notice to End Users of CoreOP Vendors
If you are a customer, aircraft owner, crew member, or other individual whose information is processed by CoreOP because a Vendor uses CoreOP to manage their business, the Vendor — not CoreOP — is the controller of your information. The Vendor decides what information to collect, how to use it, who in their organization can access it, and how long to retain it.
To exercise privacy rights with respect to information held by a Vendor in the Services, please contact that Vendor directly. We will assist Vendors in responding to your requests as required by law.
If you are unable to identify or reach the relevant Vendor, you may contact us at support@coreop.io and we will use reasonable efforts to route your request appropriately.
12. Children's Privacy
The Services are not directed to children under 16 and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at support@coreop.io and we will take appropriate steps to delete it.
13. Third-Party Sites and Integrations
The Services may link to or integrate with third-party websites, products, and services. We are not responsible for the privacy practices of any third party. When you authorize an integration, you authorize the exchange of information between CoreOP and that third party for the purposes described in the integration. Review the privacy policies of any third parties you connect to the Services.
14. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we update the Policy, we will revise the "Last Updated" date at the top, and if changes are material, we will provide additional notice (for example, by email or in-product notification). Your continued use of the Services after the effective date of any update constitutes acceptance of the updated Policy.
15. Contact Us
If you have questions about this Policy or our privacy practices, contact us at:
Aviluxe Aviation LLC (d/b/a CoreOP)
Email: support@coreop.io
Phone: (682) 900-5811
Web: coreop.io