Privacy Policy

Last updated: January 31, 2026

1. Data Controller

FlyVault ("we," "us," "our") is the data controller responsible for the personal data collected through this website and our communication channels (WhatsApp, email). For any questions regarding your personal data, contact us at contact@flyvault.co.

2. Applicable Data Protection Laws

FlyVault processes personal data in accordance with applicable data protection laws, including:

  • UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (UAE PDPL), for data processed within the United Arab Emirates.
  • EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — for personal data of individuals located in the European Economic Area (EEA), regardless of where the data is processed.
  • Any other applicable data protection legislation in the client's country of residence, to the extent it applies to FlyVault's activities.

Where there is a conflict between applicable laws, the standard providing the higher level of protection for the data subject shall prevail.

3. Data We Collect

We may collect the following categories of personal data:

  • Identity information: full name, date of birth, nationality, passport number and expiry (required for ticket issuance).
  • Contact information: email address, phone number, WhatsApp number.
  • Travel preferences: routes, dates, cabin preferences, frequent flyer numbers.
  • Payment information: bank transfer details. We do not store credit card numbers.
  • Communication data: messages exchanged via WhatsApp or email regarding your booking.
  • Technical data: IP address, browser type, and device information collected automatically when you visit our website.

4. How We Use Your Data

Your personal data is used exclusively for:

  • Searching for and booking airline tickets on your behalf.
  • Communicating with you about your booking and travel arrangements.
  • Transmitting necessary information to airlines and ticket consolidators for ticket issuance.
  • Processing payments and maintaining accounting records as required by applicable law.
  • Responding to your inquiries and providing customer support.
  • Complying with legal obligations and resolving disputes.

We do not use your data for marketing, profiling, automated decision-making, or any purpose beyond what is strictly necessary for the Service unless you have given explicit, separate consent.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: processing necessary to fulfill our concierge service (searching for fares, booking tickets, communicating about your itinerary).
  • Legal obligation: retention of accounting and transaction records as required by applicable law.
  • Legitimate interest: improving our service, ensuring security, and responding to inquiries.
  • Consent: for any optional communications (e.g., fare alerts), which you can withdraw at any time by contacting us.

6. Data Sharing

We share your personal data only with parties strictly necessary to fulfill your booking:

  • Airlines and ticket consolidators (for ticket issuance).
  • Payment processors (for transaction processing).
  • Legal or regulatory authorities (only when required by applicable law).

We do not sell, rent, trade, or share your personal data with third parties for their own commercial or marketing purposes, under any circumstances.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence in order to fulfill your booking (e.g., transmitting passenger details to an airline headquartered in another jurisdiction). Where such transfers occur, we ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

8. Data Retention

  • Booking data: retained for the duration of the trip plus 5 years (in accordance with applicable commercial retention obligations).
  • Communication data: retained for up to 3 years after the last interaction.
  • Accounting data: retained for up to 10 years as required by applicable tax and accounting laws.
  • Technical data: retained for up to 12 months.

After the applicable retention period, data is securely deleted or anonymized.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: obtain a copy of the personal data we hold about you.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your data (subject to legal retention obligations).
  • Right to restriction: restrict certain processing of your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest.
  • Right to withdraw consent: withdraw any previously given consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at contact@flyvault.co. We will respond within 30 days.

10. Supervisory Authorities

You have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction:

  • UAE residents: UAE Data Office — uaedataoffice.ae
  • EU/EEA residents: your local Data Protection Authority (e.g., CNIL in France, BfDI in Germany, ICO in the UK, etc.). A full list is available at edpb.europa.eu.
  • Other jurisdictions: the competent data protection authority in your country of residence.

11. Cookies

This website does not use advertising, analytics, or tracking cookies. We may use strictly necessary cookies for essential site functionality only. No third-party tracking scripts are deployed.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted communications, access controls, and secure storage. Communications via WhatsApp benefit from end-to-end encryption provided by that platform.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee absolute security.

13. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

14. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated through the Service or via email where possible. Continued use of the Service after changes constitutes acceptance of the revised policy.