Privacy

Eolas Technologies Ltd

Last updated: 20 June 2026

Controller

This website and the PreFlight application are operated by Eolas Technologies Ltd, a private company limited by shares registered in England and Wales.

Registered office:
71–75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom

Privacy contact: [email protected]

Scope of This Notice

This Privacy Notice applies to the public website at eolasdata.com and the PreFlight web application at app.eolasdata.com.

Together, these services provide product information, account registration, billing, dataset validation, and access to validation reports.

Data Processed

Depending on how you use our services, we may process the following categories of data:

Website technical data — IP address, browser type, device type, and basic connection or usage data generated through standard web infrastructure.
Account data — email address and hashed password when you create and use a PreFlight account.
Billing data — Stripe customer reference and subscription metadata. We do not store payment card numbers.
Authentication data — session tokens, API keys, and an httpOnly session cookie used to keep you signed in.
Uploaded datasets — CSV files you upload for validation. These are deleted immediately after validation completes. They are never retained, never reused, and never used for model training or any purpose other than producing your validation report.
Validation reports — structured PreFlight output stored in your account. Reports are user-controlled and may be deleted by you at any time.

Purpose and Legal Basis

We process personal data under UK GDPR on the following bases:

Contract — to provide PreFlight accounts, run validations, deliver reports, and manage billing.
Legitimate interests — to operate, secure, and maintain our website and application infrastructure.

We do not use your data for advertising, behavioural profiling, or sale to third parties.

Data Retention

Uploaded datasets — deleted immediately after validation. Not retained.
Account data — retained while your account is active or until you request deletion.
Validation reports — retained until you delete them or delete your account.
Website technical data — retained only as long as operationally necessary for security, diagnostics, or system maintenance.

Sub-processors

We use the following sub-processors to deliver our services. Each processes data only as necessary to provide their function:

Stripe — payment processing and subscription management
Resend — transactional email delivery
DigitalOcean — application hosting and object storage
Cloudflare — application delivery and security

International Transfers

Some sub-processors operate infrastructure in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards, including the UK International Data Transfer Agreement (IDTA) or equivalent mechanisms.

Cookies

PreFlight uses a single httpOnly session cookie to maintain your authenticated session. We do not use advertising cookies, analytics trackers, or third-party tracking cookies.

Individual Rights

Under UK data protection law, you may have the right to access, correct, delete, port, or object to processing of your personal data.

To exercise these rights, contact [email protected]. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Security

We protect your data using encrypted connections (HTTPS), hashed passwords, and immediate deletion of uploaded datasets after validation. Access to production systems is restricted to authorised personnel.

Children

PreFlight is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18.

Changes to This Notice

We may update this Privacy Notice from time to time. Material changes will be reflected on this page with an updated date.

Contact

For privacy questions or requests: [email protected]

Access PreFlight Tool