Privacy Policy

Last Updated: January 26, 2026

Key Points:

  • We only collect data necessary to provide our service
  • We never sell your personal data
  • We comply with GDPR and other data protection laws
  • You have full control over your data

1. Introduction

Welcome to Flighter.app. We are committed to protecting your personal data and respecting your privacy rights.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at flighter.app and our services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

Legal Entity: Flighter.app

Contact: privacy@flighter.app

Data Protection Officer: dpo@flighter.app

For EU/EEA users, we are the data controller responsible for your personal data.

3. Information We Collect

3.1 Information You Provide Directly

When you create a reservation, we collect:

Email Address (Required)

Purpose: Send confirmation and reservation details

Legal basis: Contract performance

Travel Information (Required)

Origin and destination airports, travel dates, trip type, number of passengers

Purpose: Create your flight reservation

Payment Information

Processed securely by Stripe (we never see your full card details)

We receive: Last 4 digits of card, card brand, payment status

What we DO NOT collect:

  • Full name (unless required for specific reservation types)
  • Passport details
  • Date of birth
  • Nationality
  • Home address
  • Full payment card details

3.2 Information Collected Automatically

When you visit our Website, we automatically collect:

Technical Information

  • IP address (anonymized for analytics)
  • Browser type and version
  • Operating system
  • Device type
  • Referring website

Usage Information

  • Pages visited
  • Time spent on pages
  • Links clicked
  • Search queries on our Website
  • Booking flow interactions

For details on cookies and similar technologies, see our Cookie Policy.

3.3 Information from Third Parties

  • Amadeus Flight API: We query flight data using your search parameters. No personal data is shared with Amadeus - only airport codes and dates are sent.
  • Stripe (Payment Processor): Payment confirmation status, transaction ID, payment method type. We do NOT receive full card details.

4. How We Use Your Information

4.1 Primary Purposes

We use your personal data to:

Provide the Service:

  • Create flight reservations
  • Generate PNR codes
  • Send confirmation emails
  • Deliver PDF tickets
  • Process payments

Communicate with You:

  • Send booking confirmations
  • Provide customer support
  • Respond to inquiries
  • Send important service updates

Improve the Service:

  • Analyze usage patterns
  • Fix bugs and errors
  • Enhance user experience
  • Develop new features

Ensure Security:

  • Prevent fraud and abuse
  • Detect unauthorized access
  • Protect against security threats
  • Verify transactions

4.2 What We DO NOT Do

  • Sell your personal data to third parties
  • Share data with advertisers
  • Use your data for unrelated purposes
  • Track you across other websites (except analytics cookies)
  • Send spam or unsolicited communications

6. How We Share Your Information

6.1 Service Providers

We share limited data with trusted third-party service providers:

Stripe (Payment Processing)

Data shared: Email, transaction amount, payment metadata

Stripe Privacy Policy

Resend (Email Delivery)

Data shared: Email address, reservation details

Resend Privacy Policy

Railway (Backend Hosting)

Data shared: API requests, transaction data

Railway Privacy Policy

Vercel (Frontend Hosting)

Data shared: Website visitors' IP addresses, usage data

Vercel Privacy Policy

Supabase (Database)

Data shared: All reservation data (Location: Singapore)

Supabase Privacy Policy

Google Analytics

Data shared: Anonymized usage data (Opt-out available)

Google Privacy Policy

6.2 We DO NOT Share With

  • Advertisers or ad networks
  • Data brokers
  • Social media platforms (except pixels you consent to)
  • Unrelated third parties
  • Anyone for marketing purposes (without consent)

7. International Data Transfers

7.1 Where We Store Data

Your data may be processed in:

  • European Union: Database and some services
  • United States: Stripe, some cloud services
  • Singapore: Primary database (Supabase)

7.2 Safeguards for EU/EEA Users

Data transfers outside EU/EEA are protected by:

  • Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring GDPR-level protection
  • Adequacy Decisions: Some countries recognized as having adequate protection
  • Technical Measures: Encryption in transit (TLS/SSL), encryption at rest, access controls

8. Data Retention

8.1 How Long We Keep Your Data

Data Type | Retention Period | Reason
Active Reservations | 48 hours + 30 days | Validity period + customer support
Transaction Records | 7 years | Tax and accounting compliance
Marketing Communications | Until unsubscribe or 2 years | User preference
Analytics Data | 26 months (anonymized) | Google Analytics default
Customer Support | 3 years | Quality assurance and disputes

8.2 Early Deletion

You can request early deletion by contacting: privacy@flighter.app

Note: Some data must be retained for legal/accounting purposes.

9. Your Rights Under GDPR

If you are in the EU/EEA, you have these rights:

Right to Access (Article 15)

Request confirmation that we process your data and obtain a copy of your personal data

Right to Rectification (Article 16)

Correct inaccurate data or complete incomplete data

Right to Erasure ("Right to be Forgotten") (Article 17)

Request deletion of your data when it is no longer necessary, when you withdraw consent, or when it has been unlawfully processed

Right to Restrict Processing (Article 18)

Limit how we use your data while you contest accuracy or object to processing

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format and transmit it to another controller

Right to Object (Article 21)

Object to processing based on legitimate interests, direct marketing, or profiling

Right to Withdraw Consent (Article 7(3))

Withdraw consent anytime for marketing, non-essential cookies, optional data processing

Right to Lodge a Complaint (Article 77)

Complain to your national data protection authority if you believe we're not complying

Response Time:

  • 30 days (standard)
  • Up to 60 days for complex requests (we'll notify you)
  • Requests are free of charge unless manifestly unfounded or excessive

How to exercise: Email privacy@flighter.app with your request

10. Data Security

10.1 Technical Measures

Encryption

  • TLS/SSL for all data transmission
  • Encrypted storage at rest
  • End-to-end encryption for sensitive data

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Principle of least privilege

Infrastructure Security

  • Secure cloud hosting
  • Regular security patches
  • Firewalls and intrusion detection

Payment Security

  • PCI-DSS compliant (via Stripe)
  • We never store full card details
  • Tokenized payment processing

10.2 Data Breach Response

In case of a data breach:

  1. Detection and containment within 24 hours
  2. Assessment of breach impact
  3. Notification to authorities within 72 hours (GDPR requirement)
  4. User notification if high risk to your rights
  5. Remediation and prevention measures

11. Children's Privacy

Our Service is NOT intended for anyone under 18 years of age. We do not knowingly collect data from children under 18, market to children, or allow children to create accounts.

If you believe a child has provided us with personal data, contact us immediately at privacy@flighter.app. We will delete the information promptly.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know

Request categories of personal information collected, sources, purposes, and third parties we share with

Right to Delete

Request deletion of your personal information (subject to exceptions)

Right to Opt-Out of Sale

We do NOT sell personal information. This right is not applicable to our Service.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights

How to Exercise CCPA Rights:

Email: privacy@flighter.app

Subject: "CCPA Request"

Response time: 45 days (may extend to 90 days for complex requests)

13. Third-Party Links

Our Website may contain links to third-party websites or services.

Disclaimer:

  • We are not responsible for third-party privacy practices
  • We do not control third-party content or policies
  • Read their privacy policies before providing data

14. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, new features, or user feedback.

For material changes, we will update the "Last Updated" date, display a prominent notice on the Website, send an email notification (if we have your email), and request renewed consent (if required).

Please review this Privacy Policy periodically. Continued use after changes constitutes acceptance.

15. Contact Us

For privacy questions, concerns, or to exercise your rights:

General Privacy: privacy@flighter.app

Data Protection Officer: dpo@flighter.app

GDPR Requests: gdpr@flighter.app

CCPA Requests: ccpa@flighter.app

Security Issues: security@flighter.app

Response Time: Within 48-72 hours for general inquiries, 30 days for formal requests

Summary

Key Takeaways:

  • We only collect necessary data
  • We never sell your data
  • You control your information
  • We comply with GDPR, CCPA, and other laws
  • Your data is encrypted and secure
  • You can delete your data anytime
  • We're transparent about our practices

By using Flighter.app, you acknowledge that you have read and understood this Privacy Policy.

Questions? Contact us at privacy@flighter.app