Privacy Policy

Checkride Academy is an independent, non-Part-141 self-study course and study aid. We are not affiliated with, approved by, accredited by, or endorsed by the Federal Aviation Administration (FAA) or any government agency. Our materials and AI tutor are a study aid and are not an authoritative source. Always verify against the current ACS, FARs, AIM, and consult your certificated flight instructor (CFI). We do not guarantee any test, checkride, or examination result.

The Checkride Academy service is operated by Oneways AI, Inc., a Delaware corporation (“Oneways AI,” “we,” “us,” or “our”). This policy applies to the Checkride Academy storefront (checkride.academy) and the learning application (learn.checkride.academy), together the “Service,” and describes how we handle personal data of visitors, customers, and learners. Because we are a self-study product and not an FAA-certificated pilot school, FAA training-recordkeeping rules (14 CFR Part 141) do not apply to us; we do not maintain airman certification records, and we are not a custodian of FAA knowledge-test, IACRA, or FTN data.

• Account & purchase data (via Shopify and Shopify Customer Accounts): name, email address, billing/shipping address, and order history.
• Payment data: card payments are collected and processed by our payment providers; we do not receive or store your full card number (see “Payments”).
• Learning data (stored in our database, Supabase): your learner profile linked to your store account, course entitlements, lesson progress, and quiz attempts.
• AI tutor conversations: messages you send to the in-app AI tutor (see “AI tutor”).
• Technical & error data: limited device/log and error-diagnostic data used to keep the Service working (see “Error monitoring”).

• To create and operate your account and deliver the courses you purchase.
• To track and display your study progress, readiness, and entitlements.
• To provide the AI tutor feature you choose to use.
• To process payments, prevent fraud, and provide support.
• To maintain security, debug errors, and improve the Service.
• With your consent, for analytics (see “Cookies & analytics”).

We share personal data with the following processors strictly to operate the Service:

• Shopify — storefront, customer accounts, checkout, and payment processing.
• Supabase — database hosting for learner profiles, entitlements, and progress.
• Anthropic — provides the large language model that powers the AI tutor (see below).
• Sentry — error monitoring and diagnostics.

We do not sell your personal information. We share only the categories of data each provider needs for its function, under data-processing terms.

When you use the AI tutor, the messages you submit are sent to our LLM provider, Anthropic, to generate a response. You are interacting with an AI system, not a human, and the tutor is a study aid — its answers may be incomplete or wrong and are not authoritative. By default, Anthropic does not use data submitted through its API to train its models. If you submit explicit feedback on a tutor response, that feedback may be retained for a limited period in de-identified form. Please do not submit sensitive personal information to the tutor.

We do not collect or store your full payment card number. Payments are collected and processed directly by our payment provider (Shopify and its payment processors), which are PCI-DSS-compliant. Card data is transmitted to and handled by those providers, not stored on our systems.

We use cookies that are strictly necessary to run the Service (including sign-in and the cross-subdomain session cookies shared between the storefront and the learning app) — these do not require consent. We use analytics cookies only after you give consent through our cookie banner. You can change or withdraw your choice at any time using the banner controls. The banner requires an affirmative action to accept; we do not treat scrolling or closing the banner as consent.

Depending on where you live (for example, California, Colorado, or Virginia), you may have the right to:

• Know/access the personal data we hold about you;
• Correct inaccurate data;
• Delete your data;
• Obtain a portable copy;
• Opt out of any “sale” or “sharing” of personal data and of targeted advertising;
• Limit the use of sensitive personal information; and
• Not be discriminated against for exercising these rights.

To exercise any right, email privacy@checkride.academy. We will verify your request and respond as required by law (generally within 45 days). If we deny a request, you may appeal by replying to our decision; we will inform you of the outcome and, where applicable, how to contact your state attorney general.

The Service is intended for users 13 and older. It is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us data, contact privacy@checkride.academy and we will delete it. Some state laws treat the data of children under 13 as sensitive and require opt-in consent; we do not knowingly process such data.

We are based in the United States, and your data is processed in the United States and on our providers’ infrastructure. If you access the Service from outside the United States, you understand your data will be transferred to and processed in the United States. Where required for individuals in the EU/UK, we rely on appropriate safeguards for international transfers.

We keep personal data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or de-identify it.

We use administrative and technical safeguards designed to protect personal data, and we configure our error monitoring to minimize personal data (see below). No method of transmission or storage is perfectly secure. In the event of a data breach affecting your personal information, we will notify affected users and applicable regulators (and, where required, consumer reporting agencies) without unreasonable delay and as required by the data-breach notification laws of each affected individual’s state of residence.

We use Sentry to detect and diagnose errors. Our error reports are minimized by design: they include only the error type and message, basic diagnostics, and the request method and path — never cookies, query strings, form data, or account identifiers. We restrict IP-address storage in our error-monitoring project. Sentry acts as our processor under a data-processing agreement.

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by additional notice.