Privacy
Eolas Technologies Ltd
Last updated: 20 June 2026
Controller
This website and the PreFlight application are operated by Eolas Technologies Ltd, a private company limited by shares registered in England and Wales.
Registered office:
71–75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom
Privacy contact: [email protected]
Scope of This Notice
This Privacy Notice applies to the public website at eolasdata.com and the PreFlight web application at app.eolasdata.com.
Together, these services provide product information, account registration, billing, dataset validation, and access to validation reports.
Data Processed
Depending on how you use our services, we may process the following categories of data:
Website technical data — IP address, browser type, device type, and basic connection or usage data generated through standard web infrastructure.
Account data — email address and hashed password when you create and use a PreFlight account.
Billing data — Stripe customer reference and subscription metadata. We do not store payment card numbers.
Authentication data — session tokens, API keys, and an httpOnly session cookie used to keep you signed in.
Uploaded datasets — CSV files you upload for validation. These are deleted immediately after validation completes. They are never retained, never reused, and never used for model training or any purpose other than producing your validation report.
Validation reports — structured PreFlight output stored in your account. Reports are user-controlled and may be deleted by you at any time.
Purpose and Legal Basis
We process personal data under UK GDPR on the following bases:
Contract — to provide PreFlight accounts, run validations, deliver reports, and manage billing.
Legitimate interests — to operate, secure, and maintain our website and application infrastructure.
We do not use your data for advertising, behavioural profiling, or sale to third parties.
Data Retention
Uploaded datasets — deleted immediately after validation. Not retained.
Account data — retained while your account is active or until you request deletion.
Validation reports — retained until you delete them or delete your account.
Website technical data — retained only as long as operationally necessary for security, diagnostics, or system maintenance.
Sub-processors
We use the following sub-processors to deliver our services. Each processes data only as necessary to provide their function:
Stripe — payment processing and subscription management
Resend — transactional email delivery
DigitalOcean — application hosting and object storage
Cloudflare — application delivery and security
International Transfers
Some sub-processors operate infrastructure in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards, including the UK International Data Transfer Agreement (IDTA) or equivalent mechanisms.
Cookies
PreFlight uses a single httpOnly session cookie to maintain your authenticated session. We do not use advertising cookies, analytics trackers, or third-party tracking cookies.
Individual Rights
Under UK data protection law, you may have the right to access, correct, delete, port, or object to processing of your personal data.
To exercise these rights, contact [email protected]. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Security
We protect your data using encrypted connections (HTTPS), hashed passwords, and immediate deletion of uploaded datasets after validation. Access to production systems is restricted to authorised personnel.
Children
PreFlight is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18.
Changes to This Notice
We may update this Privacy Notice from time to time. Material changes will be reflected on this page with an updated date.
Contact
For privacy questions or requests: [email protected]