Cookie Policy
COOKIE POLICY
Peak Aviation Academy OOD | Peak Aviation OOD | Peak Aviation FZC LLC
Effective Date: 22 April 2026 | Version 1.0 Website: www.peakaviation.eu
This Cookie Policy explains how Peak Aviation uses cookies and similar technologies on www.peakaviation.eu (the "Website") and in our mobile application (the "App"). It is designed to be read alongside our Privacy Notice (www.peakaviation.eu/privacy-policy) and our Terms and Conditions (www.peakaviation.eu/terms-and-conditions). If anything here is unclear, email us at [email protected] — we are happy to explain in plain language.
1. Who We Are
Peak Aviation operates through three legal entities, each acting as an independent data controller for the data processed in connection with its own products:
- Peak Aviation Academy OOD — Reg. No. 207786682, Bulgaria — Private Pilot Pathway and Certification Module (EASA DTO).
- Peak Aviation OOD — Reg. No. 205855051 / VAT BG205855051, Bulgaria — ELP Tests, ATPL Programme, B2B Training.
- Peak Aviation FZC LLC — UAE free zone company — Single Subject Modules.
Registered address for the Bulgarian entities: Puzl CoWorking, Business Centre Vitosha, Cherni Vrah 47A Blvd., Sofia, 1407, Republic of Bulgaria. Contact: [email protected].
2. What Cookies Are
A "cookie" is a small text file that a website places on your device so it can recognise you on your next visit, remember your preferences, keep you logged in, or understand how its pages are used. Where this Policy refers to "cookies", we also mean similar technologies that serve the same or equivalent functions — including pixels, tags, local storage, session storage, SDK identifiers in our App, and server-set identifiers placed via our content delivery network.
Cookies may be:
- First-party — set by www.peakaviation.eu itself.
- Third-party — set by a service we integrate (for example, Kajabi, Google, Wistia).
- Session cookies — deleted when you close your browser.
- Persistent cookies — remain until they expire or you delete them.
3. Our Legal Basis for Using Cookies
We rely on two different legal bases, reflecting both Article 5(3) of the EU ePrivacy Directive (as implemented in Bulgaria through the Electronic Communications Act) and the GDPR:
- Strictly necessary cookies are set without asking your consent, because they are essential for the Website to work or to deliver a service you have actively requested (for example, logging you into your Kajabi-hosted course). The legal basis under the GDPR is contract performance or our legitimate interests in a secure, functional site.
- All other cookies — functional, analytics, and marketing — are set only after you give consent through our cookie banner. You can withdraw that consent at any time, as easily as you gave it, and without affecting anything we lawfully did before your withdrawal.
4. Our Cookie Banner and How to Manage Your Choices
On your first visit, and whenever you clear your cookies, a consent banner from our consent management platform (CookieYes) appears. It lets you:
- Accept all non-essential cookies.
- Reject all non-essential cookies (as prominent as "Accept all").
- Customise your choices by category (Functional, Analytics, Marketing).
Reopening your preferences: you can change your choices at any time by clicking the "Cookie Settings" link in the footer of any page on www.peakaviation.eu, which re-opens the CookieYes preference centre.
Browser controls: most browsers also let you block or delete cookies directly in their settings. If you block strictly necessary cookies, parts of the Website (including checkout, account login and access to course content on our LMS) will not work.
Mobile app: in our App, you can manage equivalent tracking SDKs via the in-app Privacy Settings, and you can manage camera, microphone, and push-notification permissions through your device's operating system settings at any time.
Do Not Track / Global Privacy Control: we honour recognised browser signals where technically feasible. If your browser sends a Global Privacy Control (GPC) signal, we treat it as a withdrawal of consent for non-essential cookies.
5. The Cookies We Actually Use
The tables below list the cookies and similar technologies placed by www.peakaviation.eu, the purpose of each, whether they are first- or third-party, and their typical lifetime. Exact cookie names set by third-party providers can change without notice; we keep this list under regular review and the live banner always reflects what is actually running.
5.1 Strictly Necessary (always on — no consent required)
| Cookie / Technology | Provider | Purpose | Duration |
|---|---|---|---|
_kjb_session, Kajabi session cookies |
Kajabi (LMS/storefront host) | Keeps you signed into your Peak Aviation account and course area; maintains your shopping basket and checkout flow. | Session to 1 year |
| CSRF token | Peak Aviation / Kajabi | Protects forms (login, checkout, contact, ELP booking) against cross-site request forgery. | Session |
cookieyes-consent |
CookieYes | Records which cookie categories you have accepted or rejected, so we do not ask again on every page. | 1 year |
__cf_bm, cf_clearance |
Cloudflare | Security, bot-detection, and DDoS protection for the Website. | 30 minutes to 1 year |
| Kajabi load-balancing cookies | Kajabi | Routes you consistently to the same server for a stable session. | Session |
5.2 Functional (set only if you accept the "Functional" category)
| Cookie / Technology | Provider | Purpose | Duration |
|---|---|---|---|
crisp-client/session/... (local storage + cookies) |
Crisp (live chat) | Powers the chat widget used for customer support, remembers your conversation so you do not have to repeat yourself, and keeps your chat attached to our support inbox. | Up to 6 months |
wistia, wistia-video-progress-* (local storage) |
Wistia | Plays embedded course preview videos and remembers the point you paused at, so you can resume. | Persistent until you clear local storage |
| Language / display preferences | Peak Aviation | Remembers display choices (e.g. selected currency or region) between visits. | Up to 1 year |
5.3 Analytics (set only if you accept the "Analytics" category)
| Cookie / Technology | Provider | Purpose | Duration |
|---|---|---|---|
_ga, _ga_<container-id> |
Google Analytics 4 (via Google Tag Manager container GTM-MRDSCBNW) | Helps us count unique visitors, understand which courses and pages are read most, and measure how people move through the site. Data is aggregated; IP addresses are truncated. | Up to 2 years (we retain analytics data for 26 months, matching the Privacy Notice) |
_gid |
Google Analytics | Distinguishes users over a 24-hour period. | 24 hours |
| Kajabi storefront analytics | Kajabi | Aggregated pageview and conversion metrics for the storefront. | Up to 1 year |
Google Analytics is configured with IP anonymisation and Google signals disabled by default unless you also accept Marketing cookies. We do not use Google Analytics data to identify individual students.
5.4 Marketing / Advertising (set only if you accept the "Marketing" category)
| Cookie / Technology | Provider | Purpose | Duration |
|---|---|---|---|
_gcl_au, Google Ads cookies |
Google Ads (via GTM) | Measures conversions from our advertising (for example, when a click on a Google ad leads to a PPL enrolment) and lets us suppress ads from people who have already purchased. | Up to 90 days |
Meta Pixel (_fbp) |
Meta Platforms | Measures conversions from Facebook and Instagram campaigns and, where lawful, lets us build lookalike audiences of pilots with similar interests. | Up to 90 days |
| LinkedIn, TikTok, YouTube tags | Respective platforms | Used only if embedded on a campaign landing page; purpose as above, scoped to that campaign. | Up to 1 year |
We do not target advertising at students identified as under 16, consistent with Article 2.7 of our Privacy Notice, and we have disabled personalised advertising signals for visitors whose declared date of birth indicates they are minors.
5.5 Payment and Crypto Widgets (loaded only when you actively use them)
These are not loaded by default on general pages. They are loaded only when you start a checkout or crypto payment flow. When they load, they are a mix of strictly necessary (to complete the transaction you asked for) and functional cookies:
| Provider | When It Loads | Purpose |
|---|---|---|
| Stripe | Checkout pages | Card payment processing, fraud detection (PCI DSS Level 1 certified). |
| PayPal | Checkout pages where PayPal is offered | Payment processing and fraud prevention. |
| Coinbase Commerce / WalletLink | Crypto checkout flow | Authenticating your wallet connection and confirming the on-chain transaction. |
| Wise Payments | Invoicing and refund flows | Banking and cross-border payments. |
Each of these providers sets its own cookies under its own privacy notice — links are provided in Section 8 below.
5.6 Community and Embedded Widgets
Our pages may embed third-party widgets (for example Common Ninja utilities, or embedded social feeds from Facebook, Instagram, LinkedIn, YouTube, or TikTok). These widgets set their own cookies when they load. Where a widget is classified as Marketing, it will only load after you accept Marketing cookies. Embedded social content is governed by the respective platform's privacy policy.
6. Mobile App — Equivalent Technologies
Our App does not use browser cookies, but it uses functionally equivalent technologies:
- A device identifier (reset by you at any time via your device settings).
- A push notification token (only if you opt in to notifications).
- Crash and performance SDKs (aggregated, used to diagnose errors).
- Analytics SDKs (loaded only after you accept the Analytics category in the App's Privacy Settings).
- Camera and microphone permissions (only ever invoked when you begin an online ELP examination, for identity verification and session recording, as set out in Article 6.5 of our Terms).
We do not access your contacts, location, photos, or other device data.
7. International Transfers
Some of the services above are operated by companies based outside the European Economic Area (primarily the United States — Google, Cloudflare, Kajabi, Stripe, Coinbase Commerce, Meta, Crisp, Wistia). Where personal data is transferred outside the EEA, we rely on the safeguards described in Article 5 of our Privacy Notice, namely:
- Standard Contractual Clauses approved by the European Commission; and/or
- EU–US Data Privacy Framework certification where the recipient is certified (verifiable at www.dataprivacyframework.gov).
You can request a copy of the specific safeguards applicable to cookie-based transfers by emailing [email protected].
8. Third-Party Cookie Policies
For full transparency, the third parties referenced above maintain their own cookie and privacy documentation:
- Google (Analytics, Ads, Tag Manager): https://policies.google.com/technologies/cookies
- Meta (Facebook / Instagram): https://www.facebook.com/policies/cookies/
- LinkedIn: https://www.linkedin.com/legal/cookie-policy
- TikTok: https://www.tiktok.com/legal/page/eea/cookie-policy/en
- YouTube: covered by Google's policy above.
- Kajabi: https://kajabi.com/policies/privacy
- Stripe: https://stripe.com/cookies-policy/legal
- PayPal: https://www.paypal.com/uk/webapps/mpp/ua/cookie-full
- Coinbase: https://www.coinbase.com/legal/cookie
- Cloudflare: https://www.cloudflare.com/cookie-policy/
- Crisp: https://crisp.chat/en/privacy/
- Wistia: https://wistia.com/privacy
- CookieYes: https://www.cookieyes.com/privacy-policy/
- Common Ninja: https://www.commoninja.com/privacy
9. Your Rights
All rights described in Article 7 of our Privacy Notice apply in full to cookie data, including:
- The right to withdraw consent at any time via our "Cookie Settings" link or in-browser controls.
- The right of access, rectification, and erasure of any personal data linked to a cookie identifier we hold about you.
- The right to lodge a complaint with the Bulgarian supervisory authority — the Commission for Personal Data Protection (КЗЛД / CPDP), www.cpdp.bg, [email protected], +359 (02) 91-53-518, or with the supervisory authority in your EU/EEA country of residence.
10. Children
Consistent with Article 2.7 of our Privacy Notice, we do not knowingly place marketing or advertising cookies on the device of a student identified as being under 16. Where we learn that we have, we will delete the associated data. Parents and guardians may exercise cookie rights on behalf of a minor student by contacting [email protected] with proof of their relationship to the student.
11. Changes to This Cookie Policy
We review this Policy whenever we add, remove, or change a tracking technology on the Website or App, and at least once every 12 months. The current version is always available at www.peakaviation.eu/cookie-policy. For material changes (those that meaningfully alter the categories of cookies we use or who we share cookie data with), we will refresh the consent banner so that you are asked for your choices again. For minor or clarificatory changes, we will update the version date at the top of this document.
12. Contact
Peak Aviation — Privacy and Cookies Email: [email protected] (subject line: "Cookie Policy") Post: Puzl CoWorking, Cherni Vrah 47A Blvd., Sofia, 1407, Bulgaria
End of Cookie Policy — Peak Aviation | Version 1.0 | Effective 22 April 2026
The Private Pilot Pathway EASA PPL Theoretical Knowledge Course
