Privacy Policy — Go Flights

1. Information We Collect

When you make a booking, we collect:

Passenger names, dates of birth, and nationalities
Contact information (email address, phone number)
Booking details (flight, dates, booking reference)
Payment status metadata (e.g., whether payment succeeded or failed)

We do not store full payment card details. Card data is handled directly by Stripe, our payment provider, in accordance with PCI DSS standards.

2. Third-Party Providers

Your data is shared with the following providers to fulfil your booking:

Duffel — flight content and order management. Passenger names and details are transmitted to Duffel and the operating airline to create your booking.
Stripe — payment processing. Stripe processes your card payment securely. Their privacy policy applies to data they hold.
Supabase — secure database hosting for booking records.
Email provider — booking confirmations and notifications are sent via our email delivery provider.

3. Purpose of Processing

We process your personal data to:

Create and manage your flight booking
Process payment and refunds
Send booking confirmations and itinerary updates
Respond to support requests
Comply with legal obligations

4. Data Retention

[Placeholder — to be completed by legal counsel.] Booking records are retained for a reasonable period after travel to support dispute resolution and legal compliance requirements. Contact us to request deletion of your data, subject to legal retention obligations.

5. Your Rights

[Placeholder — to be completed by legal counsel, aligned with applicable law such as GDPR, CCPA, or other relevant legislation.] You may have the right to access, correct, or request erasure of your personal data, as well as the right to object to or restrict certain processing.

6. Contact

For privacy-related enquiries, please contact us via our Support page.