Pilot Medical Guardian
Privacy Policy
Pilot Medical Guardian is built so that we — the developer — cannot see your health, disclosure, or Special Issuance data. This isn't a promise to behave; it's how the app is built.
Your records — health readings, doctor visits, medications, medical history, Special Issuance profiles, documents, and certificates — are stored on your device and sync only through your own iCloud private database. We operate no server that holds this data and cannot query it.
If you connect Apple Health, we request read-only access to the metric types you choose. We never write to Health, never use health data for advertising, and never send it to any server. It flows only: Apple Health → your device → your own iCloud.
If you tap "Use Current Location" in the AME Directory, your location is used only on your device to sort AMEs by distance. It is never stored or sent anywhere.
Scanned documents are turned into PDFs on your device, encrypted at rest, and synced only through your iCloud private database. On-device text recognition (OCR) never leaves your device.
When you enable PMG's optional Safari extension, it runs only on medxpress.faa.gov. The extension reads your already-saved records (medications, doctor visits, medical history answers) from the same on-device storage as the main app, through Apple's shared App Group mechanism — your data never transits any server. It writes those records into MedXPress's form fields so you don't have to retype them at every renewal. You can disable the extension any time in Safari's settings; the main app keeps working without it. Like the rest of PMG, the extension uses no analytics, sends nothing to the developer, and connects to no third-party service.
The app downloads public FAA reference data (thresholds, medications, requirements, AME data) as anonymous static files. These requests carry no identifier and no health data — they look like any other file download. Nothing about you is ever sent back.
There is no analytics SDK on your health data, no advertising, and we never sell your data. If product analytics are ever added, they will be anonymous, opt-in, and will never include health content.
You can archive or permanently delete any record, and "Erase All Data & Start Over" removes everything from your device and iCloud. Because your data lives in your iCloud, it is also governed by your Apple account security.
Questions about this policy or how the app handles data can be sent through the app's TestFlight beta feedback channel. A dedicated support email will be added when the app leaves beta.
This app is an information and record-keeping tool — not medical, legal, or FAA compliance certification, and not medical advice.