Why Your Logbook Should Stay Private — And Why Most Don't

Your career is in your logbook. The hours you've flown, the airports you've landed at, the airline you flew for in 2018. When you hand it to an app, you're handing all of that to whoever runs the app.

What's actually in your logbook

Stop and inventory the data your logbook holds. For a typical commercial pilot:

Every airport you've ever landed at, with date and time
Every aircraft type you're rated on, with registration history
Total hours by category, class, role (PIC / SIC / instructor)
Recency status — when you last flew, when you last did night landings
Medical certificate expiry, type rating expiry, recurrent training dates
For airline pilots: which carrier you flew for in which years
Per-diem records — which countries you spent how many days in

That data set, taken together, is more revealing than your social media profile, your email archive, and your bank statements combined. It paints a complete picture of your professional life — and increasingly of your personal one too. Where you were on Tuesday. Whether you flew on a holiday. Whether you've been sick. Whether you switched employers and didn't tell anyone yet.

Where most apps put it

The dominant storage pattern in our industry is the same as everywhere else in software: a cloud sync service running on AWS or Azure, owned by the app vendor, containing every customer's data. Apps like Wingman, parts of LogTen Pro's sync, and most cross-platform logbook tools follow this pattern. There are real reasons:

Cross-platform sync requires a server in the middle
Web access requires a server
Web admin tools (for instructors managing students, for airline crew offices) require a server
Data analytics across the user base requires a server

None of those reasons are sinister. But the result is the same: your career data sits on a database the vendor controls, accessible to engineers with the right credentials, indexable by support staff, and one breach away from being public.

What pilots ignore that they shouldn't

The privacy policy. Specifically, the section labelled "Data Sharing" or "Third Parties". For most logbook apps, that section reads — paraphrasing — "we may share aggregated and anonymised flight data with our analytics partners". That sounds harmless. It often isn't.

"Aggregated and anonymised" usually means stripped of name and email. It rarely means stripped of pattern. If your data shows monthly hours, route patterns, aircraft types, recency timing — it can be re-identified against publicly available crew schedules, FAA airman registry, and LinkedIn profiles in well under an hour. The academic literature on re-identification of "anonymised" data is brutal on this point.

"Anonymisation is a state, not a process. Data that is anonymous today can become identifying tomorrow when paired with another release."

The breach question

Every cloud database is one zero-day, one phishing victim, or one disgruntled engineer away from exposure. Pilot logbook data has been leaked at least three times in the past five years that we know of, by smaller vendors. The major brands haven't publicly disclosed leaks — which doesn't mean none have occurred.

If your logbook leaks, the consequences range from "embarrassing" to "career-affecting". Your monthly hours pattern reveals when you were furloughed. Your route history reveals when you switched airlines. Your medical expiry pattern reveals when you went off the line for a health reason. None of this should be third-party knowledge.

The Apple iCloud alternative

iCloud Private Database is a Apple-managed sync service where your data is encrypted in transit and at rest, and crucially the application developer cannot read it. They define the schema (what tables, what fields), Apple stores the data in your iCloud account, and the app reads it back via the same API. The vendor never sees the data.

The architecture has constraints — it only works for iOS / iPadOS / macOS / watchOS users, it doesn't easily support web access, it depends on Apple's infrastructure being up. But for a pilot logbook those constraints are acceptable. Apple is a good enough custodian that the privacy improvement is real.

This is the model Flight Log uses. There is no Flight Log server. Your data syncs directly between your devices through your private iCloud, and we cannot access it. We have no analytics dashboard showing your hours. We have no breach-able database holding your routes. If we go out of business, your logbook continues to function on the iOS device — your data was never ours.

Privacy as architecture, not as policy.

Your flights live only in your iCloud. We can't read them, sell them, or lose them in a breach.

View on App Store

Trade-offs we accept by going this route

We're not pretending this is free. Building Flight Log on private iCloud means:

No Android version. Period. The architecture doesn't translate.
No web access. You can't view your logbook on a borrowed laptop.
No instructor dashboard for student logbooks. Each pilot's data is isolated to their own iCloud.
No vendor-side analytics. We don't know how many flights our users log, what aircraft types are popular, or which features are used. We have to guess.

For a working line pilot, those costs don't bite. iOS is dominant in the cockpit. Web access on a borrowed laptop isn't a real workflow. Instructor dashboards are a feature for a different product (a flight school management tool, not a personal logbook).

What to do if you're already on a cloud-based logbook

You don't have to migrate. The data isn't more sensitive next year than it is today. But before you renew the next subscription, do this:

Read the current privacy policy. Search for "third party", "share", "analytics", "aggregate". Note what's actually said.
Look at the sync architecture. If the vendor offers a web app, your data is on their server.
Export everything. CSV is universal. Make a copy you control before you decide anything.
Decide if the trade-off works for you. A free or near-free logbook with cloud analytics may genuinely be the right call. A paid private one may be too. Pick deliberately.

The unsexy truth

Privacy is the kind of feature you don't notice when it's working. It only becomes visible at the moment of breach — and by then you can't get the data back. Most pilots, like most consumers, choose convenience over privacy because the cost of the wrong choice is invisible until it's catastrophic.

We built Flight Log on the opposite bet. Your career history is yours, period. The price we pay for that bet is the absence of features that would require us to see your data. We think it's the right trade. You may disagree — and there's room in the market for both kinds of product.

But you should know which one you're using.