
Privacy policy

IO Aerospace - Privacy Policy

Last updated: 08 April 2026

------------------------------------------------------------------------

1. Introduction

IO Aerospace (“we”, “us”, “our”) is committed to protecting the privacy
of individuals who visit our websites, use our software, or subscribe to
our services. This Privacy Policy explains how we collect, use, store,
and protect personal data in connection with our websites and services.

This policy applies to: io-aerospace.org, docs.io-aerospace.org,
api.io-aerospace.org, and mcp.io-aerospace.org (collectively, the
“Websites”), as well as to all commercial products and services offered
by IO Aerospace, including the IO.Astrodynamics software framework, the
REST API Service, and the MCP Server Service.

IO Aerospace processes personal data in accordance with Regulation (EU)
2016/679 (General Data Protection Regulation, “GDPR”) and French Law
No. 78-17 of 6 January 1978 (Loi Informatique et Libertés), as amended.

------------------------------------------------------------------------

2. Data Controller

The data controller is:

-   Business name: IO Aerospace
-   Legal form: Micro-entreprise registered in France
-   SIRET: 523 747 178 00052
-   Publication Director: Sylvain Guillet
-   Contact email: contact@io-aerospace.org

------------------------------------------------------------------------

3. Data We Collect

3.1. Data You Provide Directly

  -----------------------------------------------------------------------
  Category            Examples            When collected
  ------------------- ------------------- -------------------------------
  Account data        Name, email         Account creation, license
                      address, company    subscription
                      name, job title     

  Billing data        Billing address,    Purchase or subscription
                      company VAT number  

  Support data        Email address,      When you contact support
                      content of support  
                      requests            

  Communication data  Email address,      When you contact us via email
                      message content     or forms
  -----------------------------------------------------------------------

Payment card details are collected and processed exclusively by our
payment processor, Stripe, Inc. IO Aerospace never stores, accesses, or
processes payment card numbers.

3.2. Data Collected Automatically

  ------------------------------------------------------------------------
  Category                 Examples                 Purpose
  ------------------------ ------------------------ ----------------------
  Server logs              IP address, browser type Security, fraud
                           and version, operating   prevention, analytics
                           system, pages visited,   
                           timestamps, referring    
                           URL                      

  Cookies and similar      Session identifiers,     Website functionality,
  technologies             preferences              analytics
  ------------------------------------------------------------------------

3.3. Data Submitted to SaaS Services

When using the REST API or MCP Server, you may submit computational data
(orbital parameters, ephemeris data, trajectory inputs, etc.). This data
is processed solely to perform the requested computation and return
results. We do not persistently store computational data beyond the
duration of each API request unless explicitly agreed otherwise in
writing.

This computational data is not expected to contain personal data. If you
intend to submit data that includes personal data, you must inform us in
advance so that a Data Processing Agreement (DPA) can be executed in
compliance with Article 28 GDPR.

3.4. Data NOT Collected by the Software

The IO.Astrodynamics software framework (Community and Pro Editions)
operates entirely offline. It does not collect, transmit, or process any
personal data. License validation is performed locally using RSA-2048
cryptographic verification with no network communication, no activation
server, and no telemetry.

------------------------------------------------------------------------

4. Purposes and Legal Bases

  -----------------------------------------------------------------------
  Purpose           Legal basis (GDPR Art. 6)
  ----------------- -----------------------------------------------------
  Subscription      Performance of a contract (Art. 6(1)(b))
  management,       
  license delivery, 
  and account       
  administration    

  Payment           Performance of a contract (Art. 6(1)(b))
  processing and    
  invoicing         

  Technical support Performance of a contract (Art. 6(1)(b))

  Website security, Legitimate interest (Art. 6(1)(f))
  fraud prevention, 
  and abuse         
  detection         

  Website analytics Legitimate interest (Art. 6(1)(f))
  and improvement   

  Compliance with   Legal obligation (Art. 6(1)(c))
  legal and tax     
  obligations       

  Marketing         Consent (Art. 6(1)(a))
  communications    
  (if applicable,   
  opt-in only)      
  -----------------------------------------------------------------------

We do not use personal data for automated decision-making or profiling.

------------------------------------------------------------------------

5. Data Retention

  -----------------------------------------------------------------------
  Category                   Retention period
  -------------------------- --------------------------------------------
  Account and billing data   Duration of the business relationship + 10
                             years (French statutory accounting retention
                             under Article L123-22 of the Code de
                             Commerce)

  Support correspondence     Duration of the subscription + 24 months

  Server logs                12 months maximum

  Cookies                    See Section 8 below

  Computational data (SaaS)  Not retained beyond the duration of each
                             request
  -----------------------------------------------------------------------

At the end of the applicable retention period, personal data is deleted
or anonymized.

------------------------------------------------------------------------

6. Data Recipients and Transfers

We may share personal data with the following categories of recipients,
strictly on a need-to-know basis and under appropriate contractual
safeguards:

  ----------------------------------------------------------------------------
  Recipient            Role           Location           Safeguards
  -------------------- -------------- ------------------ ---------------------
  Wix.com Ltd          Website        Israel             EU adequacy decision
                       hosting                           or Standard
                                                         Contractual Clauses
                                                         (SCCs)

  Stripe, Inc.         Payment        United States      Standard Contractual
                       processing                        Clauses (SCCs),
                                                         PCI-DSS compliance

  GitHub, Inc.         NuGet package  United States      Standard Contractual
                       hosting, code                     Clauses (SCCs)
                       repositories                      

  SaaS infrastructure  REST API and   European Economic  Data remains within
  provider(s)          MCP Server     Area (EEA)         the EEA
                       hosting                           
  ----------------------------------------------------------------------------

We do not sell, rent, or trade personal data to any third party. We do
not share personal data with advertisers.

If a transfer of personal data outside the EEA is required, we ensure
that appropriate safeguards are in place in accordance with GDPR Chapter
V (e.g., adequacy decisions, Standard Contractual Clauses, or Binding
Corporate Rules).

------------------------------------------------------------------------

7. Data Security

We implement appropriate technical and organizational measures to
protect personal data against unauthorized access, alteration,
disclosure, or destruction. These measures include, but are not limited
to:

-   Encryption of data in transit (TLS/HTTPS on all Websites and API
    endpoints)
-   Access controls limited to authorized personnel
-   Regular security reviews of infrastructure and dependencies
-   Use of established, security-audited third-party processors (Stripe,
    Wix, GitHub)

While we take reasonable precautions, no method of transmission over the
internet or method of electronic storage is 100% secure. We cannot
guarantee absolute security.

------------------------------------------------------------------------

8. Cookies

8.1. What Are Cookies

Cookies are small text files stored on your device when you visit a
website. They serve various purposes, including ensuring the website
functions properly and providing analytics data.

8.2. Cookies We Use

  ------------------------------------------------------------------------
  Type              Purpose                   Duration
  ----------------- ------------------------- ----------------------------
  Strictly          Website functionality,    Session or up to 12 months
  necessary         session management        

  Analytics         Understanding website     Up to 12 months
                    usage and improving our   
                    services                  

  Third-party (Wix) Hosting platform          Varies; see Wix privacy
                    functionality             policy
  ------------------------------------------------------------------------

8.3. Managing Cookies

You may configure your browser to refuse all or some cookies, or to
alert you when cookies are being set. Instructions vary by browser:

-   Chrome: Settings > Privacy and Security > Cookies
-   Firefox: Settings > Privacy & Security > Cookies
-   Safari: Preferences > Privacy
-   Edge: Settings > Cookies and Site Permissions

Disabling cookies may affect the functionality of certain features of
the Websites.

------------------------------------------------------------------------

9. Your Rights

Under the GDPR, you have the following rights regarding your personal
data:

  -----------------------------------------------------------------------
  Right                    Description
  ------------------------ ----------------------------------------------
  Access (Art. 15)         Obtain confirmation of whether we process your
                           data and request a copy

  Rectification (Art. 16)  Request correction of inaccurate or incomplete
                           data

  Erasure (Art. 17)        Request deletion of your data (“right to be
                           forgotten”) where applicable

  Restriction (Art. 18)    Request restriction of processing in certain
                           circumstances

  Portability (Art. 20)    Receive your data in a structured, commonly
                           used, machine-readable format

  Objection (Art. 21)      Object to processing based on legitimate
                           interest

  Withdraw consent (Art.   Withdraw consent at any time where consent is
  7(3))                    the legal basis (without affecting the
                           lawfulness of prior processing)
  -----------------------------------------------------------------------

How to Exercise Your Rights

Send your request by email to: contact@io-aerospace.org

Please include sufficient information to verify your identity (name,
email address associated with your account). We will respond within
thirty (30) calendar days. If the request is complex or voluminous, we
may extend this period by an additional sixty (60) days, with prior
notification.

Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you
have the right to lodge a complaint with the French Data Protection
Authority:

Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
https://www.cnil.fr

------------------------------------------------------------------------

10. Children

Our Websites and services are not directed at individuals under the age
of 16. We do not knowingly collect personal data from children. If we
become aware that we have collected personal data from a child under 16,
we will take steps to delete that data promptly.

------------------------------------------------------------------------

11. Third-Party Links

The Websites may contain links to third-party websites. We are not
responsible for the privacy practices or content of those websites. We
encourage you to read the privacy policy of any third-party website you
visit.

------------------------------------------------------------------------

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes
will be communicated via a notice on the Websites or by email to
registered users at least thirty (30) calendar days before they take
effect. The “Last updated” date at the top of this policy indicates the
most recent revision.

------------------------------------------------------------------------

13. Contact

For any questions or requests regarding this Privacy Policy or the
processing of your personal data:

-   IO Aerospace
-   SIRET: 523 747 178 00052
-   Email: contact@io-aerospace.org
-   Website: https://io-aerospace.org

------------------------------------------------------------------------

This Privacy Policy is drafted in English. In the event of any conflict
between the English version and any translation, the English version
shall prevail.
