Privacy Policy

Last updated: 27 June 2026

✅ GDPR Compliant

1. Who we are (Data Controller)

FlightProof operates the website flightproof.co and provides onward flight reservation services.

We are the data controller for the personal data you provide to us. This means we determine the purposes and means of processing your personal data.

Contact: qr@flightproof.co

2. What personal data we collect and why

We only collect data that is strictly necessary to fulfill your booking. Here is exactly what we collect and the legal basis for each:

Booking data (contract performance — Article 6(1)(b) GDPR)

When you place an order, we collect:

Without this data we cannot perform the service contract you entered into with us.

Partner account data (contract performance — Article 6(1)(b) GDPR)

If you register as a partner (travel agency), we additionally collect:

Payment data

We do not see, process, or store your payment card details.

3. How we use your data

Your data is used solely to:

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We do not use your data for automated decision-making or profiling.

4. Legal bases for processing (GDPR Article 6)

Processing purposeLegal basis
Booking fulfillment & ticket deliveryArticle 6(1)(b) — Contract performance
Partner account managementArticle 6(1)(b) — Contract performance
Stripe payment processingArticle 6(1)(b) — Contract performance
Email notifications about your bookingArticle 6(1)(b) — Contract performance
Analytics (Google Analytics — with consent)Article 6(1)(a) — Consent (opt-in)
Legal obligations (tax, fraud prevention)Article 6(1)(c) — Legal obligation

5. Cookies and tracking

FlightProof uses a minimal cookie and storage approach:

6. Third-party processors (Data Processors)

We engage the following third-party data processors. Each has been assessed for GDPR compliance and a Data Processing Agreement (DPA) is in place or available:

If the processor is based outside the EEA, we rely on Standard Contractual Clauses (SCCs) as the appropriate safeguard under Article 46 GDPR.

7. International data transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer your data, we ensure appropriate safeguards are in place, such as:

8. Data retention

We retain your personal data only as long as necessary:

You can request earlier deletion at any time (see Section 9).

9. Your rights under GDPR

As a data subject in the EEA, UK, or Switzerland, you have the following rights:

To exercise any of these rights:

  1. Email us at qr@flightproof.co with your request and the email address used at checkout, or
  2. Use our automated data request tool (available to logged-in partners via their dashboard)

We will respond to your request within 30 days as required by Article 12 GDPR. We may ask for additional information to verify your identity before processing your request.

You also have the right to lodge a complaint with your national data protection supervisory authority (e.g., the ICO in the UK, the CNIL in France, or the DPC in Ireland).

10. Data security (Article 32 GDPR)

We implement appropriate technical and organisational measures to ensure your data is secure:

11. Automated data deletion

Our system runs a periodic cleanup that automatically deletes booking records older than the retention period (12 months after travel date). You do not need to request this — it happens automatically.

12. Children's privacy

FlightProof does not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via a notice on our website or by email. The "Last updated" date at the top of this page will always reflect the latest revision. We will not reduce your rights under this policy without your explicit consent.

14. Contact & Data Protection Officer

For any privacy-related queries, data subject requests, or if you wish to contact our Data Protection Officer:

Email: qr@flightproof.co

We aim to respond to all enquiries within 48 hours.

15. Supervisory authority

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For users in the UK, this is the Information Commissioner's Office (ICO): ico.org.uk.