Privacy Policy

Last Updated: 15 Apr, 2025

Welcome to Private Flights Ltd. We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our private jet brokerage app, website, and associated services.

1. Introduction

Private Flights Ltd ("we," "our," or "us") operates a private jet brokerage application and website designed to facilitate seamless flight bookings and provide personalised aviation services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information. By using our app, website, and services, you agree to the terms outlined in this policy and our Terms of Service.

This privacy policy applies to the Private Flights app (hereby referred to as "Application") for mobile devices and the Private Flights website, created by Private Flights Ltd (hereby referred to as "Service Provider").

1.1 Definitions

For the purposes of this Privacy Policy, the following definitions apply:

Account: A unique account created for you to access our Service or parts of our Service.
Company: Refers to Private Flights Ltd ("the Company," "We," "Us," or "Our") operating under the laws of the United Kingdom.
Cookies: Small files that are placed on your device by a website, containing the details of your browsing history on that website among its many uses.
Device: Any device that can access the Service such as a computer, a mobile phone, or a digital tablet.
Personal Data: Any information that relates to an identified or identifiable individual.
Service: Refers to the mobile app (bearing the name 'Private.Flights') and website, both administered by Private Flights Ltd.
Service Provider: Any natural or legal person who processes the Personal Data on behalf of the Company.
Usage Data: Data collected automatically when using the Service, such as the duration of a page visit.
Website: Accessible from private.flights.
You: The individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

2. Information We Collect

We collect various types of information to provide and improve our services:

2.1 Personal Information

Identity Data: Name, date of birth, nationality
Contact Data: Email address, phone number, billing address
Account Data: Date of account creation, last login, registration source
Location Data: IP address, device's approximate geographical location (used for fraud prevention and service delivery)
Image Data: Images uploaded by users and passengers for profile or identification purposes
Device Information: Your device's Internet Protocol address (IP address), operating system, browser type, pages visited, time and date of visits
Contacts Data (if you use Invite feature)
 If you grant permission, we may access your device contacts to help you invite others to the service.
We process selected contact information (such as phone numbers) to:

• Identify whether your contacts are already users
• Facilitate referral rewards and invitations

Contact data is processed securely and is not used for unsolicited messaging. Invitations are only sent after explicit user action.

2.2 Transactional Data

Payment history (excluding card details, which are handled by Stripe)
Booking history and flight preferences
API access logs for security purposes
Stripe Identity data for fraud prevention (where verification is required)

2.3 Usage Data

Search queries and flight preferences
User settings and preferences
Flight tracking information
App and website usage patterns

3. How We Collect Your Information

We collect information through the following methods:

Direct Interactions: Information you provide directly through the app or website, such as when creating an account, booking flights, or contacting customer support.
Automated Collection: Data generated through your interactions with our services, including usage patterns, device information, and IP address.
Cookies and Local Storage: Information collected via cookies (website) and local storage (app) to manage your preferences and enhance your experience.

4. How We Use Your Information

We use your personal data for the following purposes:

Contract Performance: To process and manage your flight bookings, provide customer support, and fulfil our contractual obligations to you.
Legitimate Interests: To improve our services, ensure security, prevent fraud, and conduct business analytics.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Consent: Where you have provided consent, to send you marketing communications and promotional offers. You may withdraw this consent at any time.
Session Recording Consent: Where required, we will only enable session recording and replay tools after you have provided consent through our app or website settings.

5. Data Sharing and Disclosure

We share your personal data with third parties only in the following circumstances:

Aircraft Operators: We share necessary contact details and identification information with third-party private jet operators to facilitate your bookings.

Payment Processing: We share necessary information with Stripe, our payment processor, to handle transactions securely.

Service Providers: With trusted service providers who process data on our behalf and are contractually bound to protect your information.

5.1 Third-Party Service Providers

We use the following third-party service providers, some of which are based in the United States:

Stripe (United States): Payment processing and identity verification - Stripe Privacy Policy
Google Analytics & Firebase (United States): Analytics services - Google Privacy Policy
Hotjar (United States): Analytics and user experience research - Hotjar Privacy Policy
Cloudflare (United States): Content delivery and security - Cloudflare Privacy Policy
Intercom (United States): Customer support chat - Intercom Privacy Policy
LogRocket (United States): Error tracking and session replay for debugging - LogRocket Privacy Policy
RevenueCat: Subscription management
Mapbox: Mapping and geolocation services – Mapbox Privacy Policy

5.2 International Data Transfers

Your data may be transferred to and processed in the United States by our service providers listed above. We ensure that appropriate safeguards are in place for all international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your information in compliance with UK GDPR.

6. Data Security

We implement appropriate technical and organisational measures to protect your information:

Encryption: All personal data is encrypted in transit using HTTPS/TLS and at rest using industry-standard encryption.
Access Controls: We implement strict access controls and regular security assessments.
Data Storage: Your data is securely managed through our trusted partners with appropriate security certifications.
Breach Protocol: In the event of a data breach, we will notify affected users and the Information Commissioner's Office (ICO) within 72 hours where required by law, providing details about the nature of the breach and measures taken.
Limitation: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your personal data.

7. Your Rights Under GDPR

Under the UK General Data Protection Regulation, you have the following rights:

Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete personal data.
Right to Erasure: You can request deletion of your personal data in certain circumstances.
Right to Restrict Processing: You can request that we limit how we use your data.
Right to Data Portability: You can request your data in a structured, commonly used format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request.

8. California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights:

Right to Know: You can request information about the personal data we collect, use, and disclose.
Right to Delete: You can request deletion of your personal data.
Right to Opt-Out: You can opt-out of the sale of your personal data. We do not sell personal data.
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

9. Cookies and Tracking Technologies

9.1 Website Cookies

Our website uses cookies for:

Strictly Necessary Cookies: Essential for website functionality (e.g., session management, security).
Analytics Cookies: To understand how visitors use our website (Google Analytics, Hotjar). These are only set with your consent.
Preference Cookies: To remember your settings and preferences.

You can manage cookie preferences through your browser settings or our cookie consent tool.

9.2 Mobile App Local Storage

Our app uses local storage for:

Necessary Data: Theme selection (dark/light mode), language preferences, authentication tokens.
Analytics: Usage data to improve app performance (with your consent).
You can manage app permissions through your device settings.

9.3 Session Recording and Diagnostics

We use LogRocket for analytics, diagnostics, error tracking, and session replay to help us understand app and website performance and fix issues. This may record your interactions with the app or website, including screen content, clicks, navigation, and technical events.
Where required, session recording is enabled upon registration of app when accepting Terms of Service. You may withdraw your consent at any time by contacting us. LogRocket acts as a service provider processing data on our behalf.

10. Legal Basis for Processing

We process your personal data on the following legal grounds:

Contract: Processing necessary to perform our contract with you (e.g., booking flights, providing services).
Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement, security), where these are not overridden by your rights.
Legal Obligation: Processing necessary to comply with legal requirements.
Consent: Where you have given specific consent for processing (e.g., marketing communications, analytics, or session recording where required).

11. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account data: retained while your account remains active and for up to 30 days after account deletion, unless retention is required for legal, tax, or regulatory reasons.
• Booking and transaction records: retained for up to 7 years to comply with accounting, tax, and regulatory obligations.
• Support and correspondence records: retained for up to 3 years after the matter is closed, unless a longer period is required by law.
• Analytics and session replay data: retained for up to 12 months, unless we need to retain specific records longer for security, fraud prevention, or legal claims.
• Security and access logs: retained for up to 12 months, unless longer retention is required for investigations or compliance.

Once retention is no longer necessary, we delete or anonymise the data securely.

12. Complaints Procedure

If you have concerns about how your personal data is handled:

Contact Us First: Email [email protected] and we will try to resolve your concern.
Supervisory Authority: If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via:

Email (if you have provided your email address)
In-app or website notification

We encourage you to review this policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
In-App Support: Access customer service through the app
Data Controller: Private Flights Registered in England and Wales Email: [email protected]