How Stratose Technologies collects, uses, discloses, transfers and protects Personal Data in connection with its Aviation Enterprise SaaS Platform — issued under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
| Document | Privacy Policy |
|---|---|
| Document owner | Stratose Technologies FZ-LLC |
| Version | 1.0 |
| Effective date | 01 May 2026 |
| Jurisdiction | United Arab Emirates — Dubai |
| Governing law | UAE Federal Law and Dubai law |
| Classification | Confidential — Stratose Internal & Counterparty Use |
| Prepared by | Drafted by the Stratose Compliance, Privacy & Legal Department |
| Approver | Chief Executive Officer / General Counsel, Stratose Technologies |
Section 1
This Privacy Policy ("Policy") is issued by Stratose Technologies FZ-LLC ("Stratose", "we", "us", or "our"), a free zone limited liability company organized under the laws of the United Arab Emirates and a member of HOTRAC GROUP, with registered office at Stratose Technologies FZ-LLC, Dubai Internet City, Building 12, Office 305, P.O. Box 503000, Dubai, United Arab Emirates.
Stratose operates an integrated aviation enterprise software-as-a-service platform (the "Platform") delivering modules including, without limitation, Electronic Flight Journey Log (EFJL), CrewOps, Continuing Airworthiness Management (CAMO), PSS / GDS, Commercial, Stratbook / Electronic Flight Bag (EFB), Fuel Management, and Cargo & Baggage Reconciliation, to airlines, CAMO, repair and overhaul (MRO) organizations, charter operators and other regulated aviation entities (each, a "Customer") in the UAE, the wider GCC, West Africa and beyond.
This Policy describes how Stratose Processes Personal Data: (i) provided directly to us in the course of our marketing, sales, contracting, billing, support and corporate operations (where Stratose acts as Controller); and (ii) provided to us by Customers in the course of their use of the Platform (where Stratose typically acts as Processor on the Customer's instructions).
Section 2
This Policy applies to all Personal Data Processed by Stratose in connection with: (a) the Stratose websites and digital properties operating under the stratose.aero domain and its sub-domains; (b) the Platform and any modules, APIs, mobile applications, EFB applications, web portals and integrations forming part of it; (c) interactions with prospective and existing Customers, suppliers, partners, regulators and other counterparties; and (d) Stratose's corporate, recruitment, marketing and administrative activities.
Section 3
Aviation operations involve overlapping accountability between operators, MROs, ground service providers, regulators and technology providers. This section sets out, by data category, when Stratose acts as Controller and when it acts as Processor.
| Data category | Examples | Controller | Processor |
|---|---|---|---|
| Customer-uploaded operational data | Crew rosters, journey logs, technical logs, fuel records, load sheets, MEL/CDL, MX work orders, dispatch releases | Customer (airline, MRO, operator) | Stratose |
| Crew & engineer credentials | CAR-FCL license, ratings, medical class, CAR-66 engineer authorizations | Customer | Stratose |
| Passenger data via PSS / GDS | PNR, API/APIS data, contact details, payment tokens, special service requests | Customer (carrier of record) | Stratose |
| Marketing & sales contacts | Prospect names, business contact details, communications preferences | Stratose | — |
| Customer admin user accounts | Account holder name, business email, role, audit trail of in-platform actions | Stratose (account integrity, security, billing) | Joint touchpoints |
| Billing & financial counterparty data | Invoicing details, signatory data, AML/KYC documents | Stratose | — |
| Recruitment & HR data | Candidate CVs, employee records | Stratose | — |
| Website analytics & cookies | Aggregated and pseudonymized usage data on stratose.aero | Stratose | — |
Section 4
Section 5
We obtain Personal Data: (a) directly from data subjects; (b) from our Customers, who upload, configure, integrate or otherwise provide Personal Data into the Platform; (c) from Customer-authorized integrations and third-party feeds; (d) from public sources, regulators and government bodies where lawfully accessible; and (e) automatically, through the operation of the Platform, including security, audit, fraud-prevention and service-integrity logs.
Section 6
| Purpose | Lawful basis (Article 4 PDPL) |
|---|---|
| Performing pre-contractual and contractual obligations with Customers, suppliers and partners | Performance of a contract / steps to enter a contract |
| Issuing invoices, processing payments and managing accounts receivable | Performance of a contract; legal obligation (FTA VAT, Corporate Tax, AML/CFT) |
| Operating, securing, monitoring and improving the Platform | Legitimate interests of Stratose and Customers in safe, lawful, resilient aviation IT operations |
| Direct B2B marketing of Stratose products and services | Consent (where required); legitimate interests in promoting Stratose's lawful commercial activity |
| Recruitment and management of personnel | Performance of a contract; legal obligation (UAE labour law); legitimate interests |
| Compliance with regulatory obligations | Legal obligation; performance of tasks in the public interest where applicable |
| Defence of legal claims | Legitimate interests; legal obligation |
Section 7
Personal Data Processed through the Platform is integrated with safety-critical aviation operations regulated by the GCAA, ICAO Annexes 1-19, EASA reference standards, and the operator's own approvals. Where compliance with this Policy or with a data subject request would conflict with a binding regulatory obligation or directly compromise the safe conduct of flight, ground operations or CAMO, aviation safety obligations take precedence.
Section 8
Stratose discloses Personal Data only where there is a lawful basis and an appropriate contractual or regulatory framework. Categories of recipient include:
Section 9
Stratose transfers Personal Data outside the UAE only in accordance with Articles 22 and 23 of the PDPL. The Platform is hosted primarily in regional cloud infrastructure (AWS me-south-1, Bahrain, with disaster recovery in eu-central-1, Frankfurt, and an alternate Azure UAE North region for in-country residency). Transfers are encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
Section 10
Stratose retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected, to comply with binding regulatory obligations and to protect the legal interests of Stratose, its Customers and data subjects. Aviation operational records held for Customers are retained in accordance with applicable CARs and ICAO Annex 6 requirements.
Section 11
The stratose.aero website uses strictly necessary cookies, performance cookies and (subject to consent) functional and analytics cookies. A cookie banner is displayed on first visit and consent preferences can be amended at any time via the cookie preferences link in the website footer.
Section 12
| Right (PDPL article) | What it means in the Stratose context |
|---|---|
| Right to information (Art. 13) | Receive clear information on Processing — fulfilled through this Policy. |
| Right of access (Art. 14) | Obtain confirmation of Processing and a copy of Personal Data held about you. |
| Right to correction (Art. 15) | Request correction of inaccurate or incomplete data. |
| Right to erasure (Art. 16) | Request deletion where lawful — note retention overrides for aviation safety, regulatory and legal records. |
| Right to restriction (Art. 17) | Request restriction of Processing in defined circumstances. |
| Right to data portability (Art. 18) | Receive your data in a structured, commonly used, machine-readable format. |
| Right to object (Art. 19) | Object to Processing based on legitimate interests, including direct marketing. |
| Right to lodge a complaint | With the UAE Data Office, the DIFC Commissioner of Data Protection, the ADGM ODP, or another competent supervisory authority. |
Direct enquiries to Stratose may be sent to privacy@stratose.co.
Section 13
Stratose has implemented technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These align with PDPL Article 20, the UAE Information Assurance Standards (IAS), ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and SOC 2 Trust Services Criteria, and reference aviation security frameworks including ICAO Doc 8973 and EASA Part-IS.
Section 14
The Platform is intended exclusively for use by aviation enterprise users acting in a business capacity. Stratose does not knowingly Process Personal Data of minors.
Section 15
Stratose may update this Policy from time to time. Material changes will be notified to Customers and posted at least 30 days before they take effect, save where a shorter timeframe is required by law or to address an immediate security or compliance concern.
Section 16