Privacy Policy

Last Updated: 1 Feb 2026

1. Introduction

Welcome to the Privacy Policy of Apano Aviation Private Limited ("Apano", "Company", "we", "us", "our"). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you access or use our website Apano.in ("Website", "Platform"), and any related services (collectively, the "Services").

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

This Privacy Policy should be read in conjunction with our Terms and Conditions.

2. About Apano

Apano Aviation Private Limited is a discovery and information platform that connects aviation aspirants with DGCA-approved training institutes and aviation education providers across India.

Head Office:
The Gyan Cafe (Back office),
Devnagar Cross road, Gota,
Gujarat - 382481, India

Contact: [email protected] | +91 9998350330

3. Definitions

For the purposes of this Privacy Policy:

• "Personal Information" or "Personal Data" means any information that can be used to identify an individual, including but not limited to name, email address, phone number, and educational qualifications.
• "Sensitive Personal Data or Information" (SPDI) has the meaning ascribed to it under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
• "User" or "You" refers to any individual who accesses or uses our Platform.
• "Data Subject" refers to an identified or identifiable natural person whose Personal Data is processed (used primarily in the context of GDPR).
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• "Third-Party Partners" includes aviation training institutes, financing companies, insurance providers, accommodation services, and other organisations with whom we may share your information.

4. Legal Framework

This Privacy Policy is drafted in compliance with:

Indian Laws:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

International Regulations:

• General Data Protection Regulation (GDPR) — for users in the European Union/European Economic Area
• Other applicable data protection laws based on user jurisdiction

5. Information We Collect

5.1 Information You Provide Directly

When you use our Platform, you may provide us with:

Account Information:

• Full name
• Email address
• Phone number (mobile)
• Password (encrypted)

Profile Information:

• Date of birth and age
• Gender
• City, state, and country of residence
• Educational qualifications (10th, 12th, graduation details)
• Current educational status

Inquiry Information:

• Course preferences and interests
• Institute preferences
• Career goals and aspirations
• Budget and financing preferences
• Preferred location for training
• Any specific questions or requirements

Communication Records:

• Emails exchanged with our team
• Phone call recordings (consultation calls)
• WhatsApp conversation history
• Chat transcripts
• Feedback and reviews submitted

5.2 Information Collected Automatically

When you access our Platform, we automatically collect:

Device and Browser Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Unique device identifiers

Usage Information:

• Pages visited and time spent on each page
• Navigation patterns and click behaviour
• Search queries entered on the Platform
• Features used and interactions
• Referring website or source
• Date and time of access

Location Information:

• Approximate geographic location based on IP address
• City and country level location data

5.3 Information from Cookies and Tracking Technologies

We use cookies and similar technologies to collect:

• Session information
• User preferences
• Authentication status
• Analytics data
• Advertising identifiers

For detailed information, please see Section 11 (Cookies and Tracking Technologies).

5.4 Information from Third Parties

We may receive information about you from:

• Partner Institutes (confirmation of inquiries or admissions)
• Advertising platforms (campaign attribution data)
• Analytics providers (aggregated user insights)
• Publicly available sources (for verification purposes)

6. How We Use Your Information

6.1 Primary Purposes

We use your Personal Information to:

Provide Our Services:

• Match you with relevant aviation institutes and courses
• Process and respond to your inquiries
• Provide consultation and career guidance
• Send information about courses, fees, and admission processes
• Process Apano Wings Club membership purchases

Communication:

• Send transactional emails (inquiry confirmations, account updates)
• Provide customer support via email, phone, and WhatsApp
• Send newsletters and educational content (with consent)
• Make consultation and follow-up phone calls
• Send SMS alerts and reminders

Personalisation:

• Customise content and recommendations based on your preferences
• Remember your settings and preferences
• Provide location-relevant institute suggestions

6.2 Secondary Purposes

We also use your information to:

Analytics and Improvement:

• Analyse user behaviour and Platform performance
• Identify trends and usage patterns
• Improve our Services and user experience
• Develop new features and offerings

Marketing and Advertising:

• Send promotional offers and marketing communications
• Display targeted advertisements
• Measure advertising campaign effectiveness
• Conduct remarketing campaigns

Security and Compliance:

• Detect and prevent fraud and abuse
• Enforce our Terms and Conditions
• Comply with legal obligations
• Respond to legal requests and court orders

6.3 Call Recording Disclosure

We record consultation phone calls for the following purposes:

• Quality assurance and training
• Maintaining accurate records of advice provided
• Dispute resolution and verification
• Compliance with internal policies

By engaging in phone consultations with Apano, you consent to the recording of such calls. If you do not wish to be recorded, please inform us at the beginning of the call, and we will make alternative arrangements.

6.4 WhatsApp Communication

We use WhatsApp Business API to communicate with users. By providing your WhatsApp number and initiating or responding to conversations, you consent to:

• Receiving messages, updates, and notifications via WhatsApp
• Storage of conversation history for service continuity
• Use of conversation data to improve our Services

WhatsApp communications are also governed by WhatsApp's own privacy policy and terms.

7. Legal Basis for Processing (GDPR)

For users in the European Union or European Economic Area, we process your Personal Data based on the following legal grounds:

7.1 Consent

Where you have given explicit consent for specific processing activities, such as:

• Receiving marketing communications
• Sharing your data with Third-Party Partners
• Recording phone calls

You may withdraw consent at any time by contacting us.

7.2 Contract

Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, such as:

• Providing our consultation services
• Processing membership purchases
• Responding to your inquiries

7.3 Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights, such as:

• Improving our Services and user experience
• Preventing fraud and ensuring security
• Analytics and business intelligence

7.4 Legal Obligations

Where processing is necessary to comply with legal requirements, such as:

• Responding to court orders or legal requests
• Maintaining records as required by law
• Tax and accounting obligations

8. Sharing of Information

8.1 Sharing with Third-Party Partners

By using our Platform and submitting your information, you expressly consent to the sharing of your Personal Information with:

Aviation Training Institutes:

• Partner and non-partner institutes you inquire about
• For admission follow-ups and counselling

Financial Service Providers:

• Educational loan companies
• Banks and NBFCs for financing options

Insurance Providers:

• Student insurance providers
• Aviation-specific insurance companies

Accommodation Services:

• Hostel and housing providers near training institutes

Career Service Providers:

• Placement agencies
• Aviation recruitment firms

8.2 Partner Communications

Please note that:

• Our Partners may contact you directly using the information we share
• Partner communications are governed by their own privacy policies
• You may need to opt out separately with each Partner
• Apano is not responsible for how Partners handle your data after sharing

8.3 Service Providers

We share information with service providers who assist us in:

All service providers are contractually obligated to protect your data and use it only for specified purposes.

8.4 Legal and Safety Disclosures

We may disclose your information without consent when:

• Required by law, court order, or government authority
• Necessary to protect our rights, property, or safety
• Needed to prevent fraud, security threats, or illegal activities
• Required to enforce our Terms and Conditions
• Necessary in connection with legal proceedings

8.5 Business Transfers

In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of assets:

• Your information may be transferred as part of the transaction
• We will notify you before your data is transferred
• The new entity will be bound by this Privacy Policy until amended

8.6 Aggregated and Anonymised Data

We may share aggregated or anonymised data that cannot reasonably identify you with:

• Research institutions
• Industry publications
• Business partners
• The public (in reports or statistics)

9. Data Storage and Security

9.1 Data Storage Location

All Personal Information is stored on servers located in India. We do not transfer your data to servers outside India.

9.2 Security Measures

We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including:

Technical Safeguards:

• Encryption of data in transit (SSL/TLS)
• Encryption of sensitive data at rest
• Secure password hashing
• Regular security assessments and audits
• Firewall and intrusion detection systems
• Access controls and authentication

Organisational Safeguards:

• Limited access to Personal Information on a need-to-know basis
• Employee training on data protection
• Confidentiality agreements with staff
• Incident response procedures
• Regular review of security practices

9.3 Security Limitations

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you provide information at your own risk.

9.4 Your Security Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Logging out of shared or public devices
• Notifying us immediately of any unauthorised access

10. Data Retention

10.1 Retention Period

We retain your Personal Information for:

10.2 Extended Retention

We may retain data beyond the standard period for:

• Ongoing legal disputes or investigations
• Compliance with legal retention requirements
• Prevention of fraud (flagged accounts)
• Anonymised research and analytics

10.3 Post-Retention

After the retention period expires:

• Data is permanently deleted from active systems
• Anonymised data may be retained for analytics
• Backup copies are purged within 90 days

11. Cookies and Tracking Technologies

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Website. They help us recognise your device and remember information about your visit.

11.2 Types of Cookies We Use

Essential Cookies:

• Required for basic website functionality
• Session management and authentication
• Security and fraud prevention
• Cannot be disabled

Analytics Cookies:

Marketing/Advertising Cookies:

Preference Cookies:

• Language and regional settings
• Display preferences
• User customisations

11.3 Email Tracking

Our email marketing platform (Listmonk) uses tracking technologies to monitor:

• Email open rates (via tracking pixels)
• Link clicks within emails
• Time of email engagement
• Device and email client used

This helps us understand email effectiveness and send more relevant content.

11.4 Conversion Pixels

We use conversion pixels (1x1 pixel images) to:

• Track user actions on lead collection forms
• Measure advertising campaign effectiveness
• Attribute conversions to specific campaigns
• Optimise advertising spend

11.5 Managing Cookies

You can control cookies through:

Browser Settings:

• Most browsers allow you to block or delete cookies
• Settings vary by browser (Chrome, Firefox, Safari, Edge)
• Note: Blocking essential cookies may affect functionality

Opt-Out Links:

• Meta (Facebook): Facebook Ad Preferences
• Google: Google Ad Settings
• General opt-out: Your Online Choices

Do Not Track:

• We currently do not respond to "Do Not Track" browser signals
• We recommend using cookie management tools instead

11.6 Local Storage

In addition to cookies, we may use:

• Local Storage — for persistent preferences
• Session Storage — for temporary session data
• IndexedDB — for offline functionality (if applicable)

12. Your Rights and Choices

12.1 Rights for All Users

Regardless of your location, you have the right to:

Access: Request a copy of the Personal Information we hold about you.

Correction: Request correction of inaccurate or incomplete information.

Deletion: Request deletion of your Personal Information, subject to legal retention requirements.

Opt-Out of Marketing: Unsubscribe from promotional communications at any time.

Withdraw Consent: Withdraw previously given consent for specific processing activities.

12.2 Additional Rights for EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you also have:

Right to Restriction: Request that we limit how we use your data in certain circumstances.

Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.

Right to Object: Object to processing based on legitimate interests or for direct marketing.

Right to Not Be Subject to Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affect you.

Right to Lodge a Complaint: File a complaint with your local data protection authority.

12.3 How to Exercise Your Rights

To exercise any of these rights:

Email: [email protected]
Subject Line: "Privacy Rights Request - [Your Request Type]"

Include:

• Your full name
• Registered email address or phone number
• Specific right you wish to exercise
• Any relevant details or documentation

Response Timeline:

• Acknowledgement: Within 48 hours
• Fulfilment: Within 30 days

We may request identity verification before processing your request.

12.4 Opting Out of Communications

Email Marketing:

• Click "Unsubscribe" link at the bottom of any promotional email
• Email us at [email protected] with subject "Unsubscribe"

SMS Messages:

• Reply "STOP" to any promotional SMS
• Contact us to update preferences

Phone Calls:

• Inform our team during any call
• Email us to be added to our internal Do Not Call list

WhatsApp:

• Reply "STOP" to opt out of promotional messages
• Block or delete the conversation

Note: Opting out of promotional communications does not affect transactional messages related to your account, inquiries, or purchases.

13. Communication Consent and DND Override

13.1 Express Consent

By registering on our Platform, submitting an inquiry, or providing your contact information, you expressly consent to receive communications from Apano and our Partners through:

• Email
• SMS / Text Messages
• Phone Calls
• WhatsApp Messages
• Push Notifications (if applicable)

13.2 DND/DNC Override

By providing your contact information and agreeing to this Privacy Policy, you expressly authorise Apano and its Partners to contact you irrespective of your registration under:

• Do Not Disturb (DND) Registry
• Do Not Call (DNC) Registry
• National Customer Preference Register (NCPR)

This authorisation is valid for 365 days from your last interaction with our Platform and is automatically renewed upon subsequent interactions.

13.3 Partner Communications

You acknowledge that:

• Our Partners may contact you using shared information
• Partner communications are independent of Apano
• You may need to opt out separately with each Partner
• Apano cannot control Partner communication frequency

14. Children's Privacy

14.1 Age Restriction

Our Platform is intended for users who are at least 16 years of age. We do not knowingly collect Personal Information from children under 16.

14.2 Parental Consent

Users between 16 and 18 years of age should have parental or guardian consent before using our Platform.

14.3 Discovery and Deletion

If we discover that we have collected Personal Information from a child under 16 without appropriate consent:

• We will promptly delete such information
• We will terminate the associated account
• We may notify the parent or guardian if contact information is available

14.4 Parental Requests

Parents or guardians who believe their child has provided information to us may contact us at [email protected] to request deletion.

15. Third-Party Links and Services

15.1 External Links

Our Platform may contain links to third-party websites, including:

• Institute websites
• Social media platforms
• Payment gateways
• Educational resources

15.2 No Control

We have no control over and are not responsible for:

• Privacy practices of third-party websites
• Content on external websites
• Security of third-party services
• How third parties use your information

15.3 Recommendation

We encourage you to review the privacy policies of any third-party websites you visit. Clicking on external links is at your own risk.

15.4 Social Media

If you interact with us through social media platforms (Facebook, Instagram, LinkedIn, Twitter/X, YouTube), your interactions are governed by those platforms' privacy policies in addition to ours.

16. Data Breach Notification

16.1 Breach Response

In the event of a data breach that affects your Personal Information, we will:

Immediate Actions:

• Contain and assess the breach
• Determine the scope and impact
• Implement remedial measures

Notification:

• Notify affected users within 72 hours of becoming aware of the breach
• Notify relevant authorities as required by law
• Provide details about the nature of the breach, data affected, and steps taken

16.2 Notification Content

Our breach notification will include:

• Description of the incident
• Types of data potentially affected
• Steps we have taken to address the breach
• Recommendations for you to protect yourself
• Contact information for questions

16.3 Your Responsibility

If you suspect unauthorised access to your account or data, please notify us immediately at [email protected].

17. Artificial Intelligence and Data Processing

17.1 AI-Generated Content

Our Platform may contain content generated or assisted by artificial intelligence, including:

• Articles and educational content
• Institute descriptions
• Metadata and SEO content
• Personalised recommendations

17.2 Data Processing for AI

By using our Platform, you acknowledge that your interaction data may be processed to:

• Improve recommendation algorithms
• Enhance content relevance
• Develop new features
• Conduct analytics and research

17.3 Anonymisation

Personal identifying information is anonymised or aggregated before being used for AI training or improvement purposes.

17.4 No Automated Decision-Making

We do not use fully automated decision-making processes that significantly affect users (such as account termination or membership denial) without human review.

18. International Data Transfers

18.1 Data Location

All Personal Information is stored on servers located in India. We do not transfer your data to servers outside India.

18.2 International Users

If you access our Platform from outside India:

• Your data will be transferred to and processed in India
• By using our Platform, you consent to this transfer
• You are responsible for compliance with your local laws

18.3 GDPR Transfers

For EU/EEA users, data transfers to India are conducted based on:

• Your explicit consent
• Necessity for contract performance
• Standard Contractual Clauses (where applicable)

19. Changes to This Privacy Policy

19.1 Right to Update

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices or Services
• Legal or regulatory requirements
• Industry standards
• User feedback

19.2 Notification of Changes

We will notify you of material changes through:

• Prominent notice on our Website
• Email notification to registered users
• Updated "Last Modified" date at the top of this page

19.3 Your Continued Use

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please discontinue use and contact us to delete your account.

19.4 Review Recommendation

We recommend reviewing this Privacy Policy periodically for any updates.

20. Grievance Redressal and Data Protection Officer

20.1 Grievance Officer / Data Protection Officer

In accordance with the Information Technology Act, 2000, SPDI Rules, 2011, and GDPR requirements, we have appointed a Grievance Officer who also serves as our Data Protection Officer:

Name: Shweta Chauhan
Designation: Grievance Officer / Data Protection Officer
Email: [email protected]
Phone: +91 9998350330
Office Address: The Gyan Cafe (Back office), Devnagar Cross road, Gota, Gujarat - 382481, India

20.2 Filing a Privacy Complaint

You may file a privacy-related complaint by:

• Visiting our Grievance and Complaints page
• Emailing [email protected] with subject "Privacy Complaint"
• Writing to our registered address

20.3 Complaint Process

Complex matters may require additional time, and you will be notified accordingly.

20.4 Escalation

If you are unsatisfied with our response, you may escalate to:

For Indian Users:

• Appropriate government authorities under IT Act

For EU/EEA Users:

• Your local Data Protection Authority
• The lead supervisory authority

21. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Apano Aviation Private Limited

Registered Office:
The Gyan Cafe (Backoffice),
Devnagar Cross Road, Gota
Gujarat - 382481, India

Email: [email protected]
Phone: +91 9998350330

Useful Links:

• Terms and Conditions
• Contact Us
• Grievance and Complaints

22. Acknowledgement

By using the Apano.in Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy. You consent to the collection, use, and sharing of your information as described herein.

Copyright 2026 Apano Aviation Private Limited. All rights reserved.