Privacy Policy

1. Introduction

Flyga Labs, Inc. ("Flyga Labs, Inc.", "we", "our", or "us") provides travel organization tools that streamline trip planning by parsing travel emails, extracting itinerary data, and generating travel insights using artificial intelligence.

Your privacy is important to us. This Privacy Policy explains what data we collect, how we use and share it, and what rights you have regarding your information.

By using Flyga, you agree to the data practices described in this Privacy Policy.

2. Information We Collect

We collect several types of information when you use our service:

A. Personal Information

• Identification Data: Your name and email address.
• Account Information: Account verification status and authentication credentials (such as magic link tokens or passkeys).

B. Travel Information

When you forward travel confirmation emails or upload travel documents to Flyga, we may collect details such as:

• Travel dates, destinations, and associated costs.
• Itinerary details for flights, hotels, trains, rental cars, and activities (including booking or confirmation numbers).
• Loyalty program or membership numbers contained in your emails.
• Any other information included in the forwarded emails. (Note: We attempt to automatically redact highly sensitive information like passport numbers if they appear in your messages.)

C. Device & Usage Data

We automatically collect certain information about the devices and browsers you use and how you interact with Flyga, including:

• Technical Data: IP address, device type, operating system, and browser information.
• Usage Data: Log information (such as audit logs and security logs) and analytics data about feature usage, errors, and performance.

D. Data for AI Processing

To provide our smart itinerary parsing and recommendation features, relevant portions of your travel emails and itinerary data may be sent to trusted third-party AI service providers (for example, OpenAI’s ChatGPT and Anthropic’s Claude). This processing helps us:

• Parse and interpret unstructured travel emails.
• Extract travel details and organize itineraries.
• Generate travel insights and personalized recommendations.

Any data sent to these AI processors is used only to deliver the Flyga service to you. It is not used to train public AI models, and it is handled under strict confidentiality. We may utilize the results to improve Flyga’s features (for example, by training internal models that are used privately within Flyga), but your data is not exposed for any public machine learning training.

3. How We Use Your Information

We use the collected information for the following purposes:

• Account Provision and Maintenance: To create, administer, and support your Flyga account.
• Service Functionality: To parse your travel emails/documents and generate itinerary summaries, travel recommendations, and other insights.
• Product Improvement: To analyze usage and performance in order to improve Flyga’s features, algorithms, and user experience.
• Customer Support: To assist you if you contact us with questions, issues, or feedback.
• Security and Fraud Prevention: To monitor, investigate, and prevent any fraudulent, harmful, or unlawful activity, and to maintain the overall security of the platform.
• Payments: To process subscription payments (we use Stripe as our payment processor, so your payment information is handled by Stripe).
• Personalization and Analytics: To provide personalized content and features, and to conduct analytics on how our service is used.
• Legal Compliance and Enforcement: To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data to third parties.

4. Legal Bases for Processing (GDPR)

If you are located in regions with data protection laws (such as the European Economic Area or the UK), Flyga Labs, Inc. processes your personal data under the following legal grounds, when applicable:

• Contractual Necessity: We process data to provide the service you have requested (for example, using your information to organize and display your travel itineraries).
• Legitimate Interests: We may process data for our legitimate business interests, such as improving our product, ensuring security, and performing analytics – but only where those interests do not override your privacy rights.
• Consent: In certain cases, we rely on your consent. For instance, by forwarding an email to Flyga or enabling a specific feature, you consent to our processing of the information needed to perform that service. You can withdraw consent at any time, though this may limit the features available to you.
• Legal Obligation: We process data as required by applicable laws – for example, keeping transaction records for tax and accounting purposes.

5. Third-Party Service Providers

Flyga Labs, Inc. shares data with a limited set of third-party service providers in order to operate and support our service. These providers act on our behalf (as “data processors”) and are not permitted to use your data for their own purposes. Key service providers we use include:

• Mailgun – for processing inbound and outbound emails (for example, when you forward travel confirmations to Flyga).
• Cloudflare – for web infrastructure and security services, including content delivery (CDN), DNS, and protection against cyber threats.
• OpenAI & Anthropic – for AI-based processing of travel information and generation of itinerary insights (as described above in section 2.D).
• Stripe – for payment processing of subscriptions (handling your payment transactions securely).

We may also use reputable cloud hosting and storage providers to host our application and data (e.g., servers and databases). All such providers are bound by contractual obligations to safeguard your data and only process it for the purposes we specify.

6. Data Sharing and Disclosure

We do not sell or rent your personal information. We only share your data in the following circumstances:

• With Service Providers: We share information with the third-party providers listed above and similar partners as necessary to run Flyga (under the obligations described in Section 5).
• For Legal Reasons: If required to comply with a law, regulation, legal process, or governmental request (for example, a court order or subpoena), we may disclose necessary data.
• To Protect Rights and Safety: We may share information when we believe it’s necessary to protect the rights, property, or safety of Flyga Labs, Inc., our users, or the public. This includes sharing information to detect and prevent fraud or security vulnerabilities.
• With Your Consent or at Your Direction: We will share your information with third parties if you specifically request or consent to such sharing. For instance, if you use a feature that integrates with an airline or hotel system and it requires sending certain data to that third party, we will do so only with your authorization.

Aside from the cases above, we will not share your personal information with third parties (including airlines, hotels, or other travel companies) without your explicit consent.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. In general:

• Account Data: Information you provide when registering and using Flyga (like your name, email, and saved itineraries) is kept for as long as your account is active. If you delete your account or it remains inactive for a prolonged period, we will delete or anonymize this data, subject to the exceptions below.
• Forwarded Emails: Travel confirmation emails that you forward into Flyga are stored so that we can provide the service. If you delete a trip or itinerary from your account, we will disassociate those forwarded emails from your account (meaning they are no longer linked to you personally). We may retain the email data in a backup or archive for a period of time, but it will not be identifiable to you.
• Extracted Itinerary Data: The travel details extracted from your emails (such as flight times, hotel names, etc.) may be retained in an anonymized form after you delete a trip. This anonymized data (with personal identifiers removed) helps us perform analytics and improve our service (for example, understanding general travel trends).
• Logs: System logs, security logs, and similar records are retained as long as necessary to fulfill security and compliance needs. This helps us investigate security incidents or troubleshoot issues.
• Deleted Accounts: If you choose to delete your Flyga account entirely, we will delete or anonymize personal data associated with your account. However, we may retain certain information for legal or compliance reasons. For example, we might keep payment transaction records or invoice information as required for financial reporting, tax obligations, or to resolve disputes. In any case, any retained data will remain subject to this Privacy Policy and applicable law.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data. For example, users in the European Union, United Kingdom, or California have rights which may include:

• Access: The right to request a copy of the personal data we hold about you.
• Correction: The right to ask us to correct or update any inaccurate or incomplete personal information.
• Deletion: The right to request deletion of your personal data. (For example, you can delete your account or specific trips, and we will remove or anonymize the corresponding data as described in this Policy.)
• Data Portability: The right to request your personal data in a portable, machine-readable format, for you to reuse it or transfer it to another service.
• Opt-Out of Sale: The right to opt out of the “sale” of your personal information. (Note: Flyga does not sell personal data, so this right is provided for completeness.)
• Objection/Restriction: The right to object to certain processing or ask us to restrict processing of your data in some circumstances – for instance, opting out of certain analytics or marketing communications.
• Non-Discrimination: Flyga Labs, Inc. will not discriminate against you for exercising any of these rights. We will not deny you service, charge you different prices, or provide a different level of quality because you exercised your privacy rights.

To exercise any of your rights, please contact us at [email protected]. We will respond to legitimate requests within the timeframe required by law. Please note we may need to verify your identity (for your security) before acting on a data request.

9. Children’s Privacy

Flyga is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not use the Service or submit any personal information to us. If a parent or guardian becomes aware that a minor has provided us with personal data, please contact us immediately so we can delete that information.

10. Data Security

We take the security of your information seriously and implement a variety of technical and organizational measures to protect it. These include:

• Encryption: Data is encrypted both in transit (e.g., when data is sent between your device and our servers) and at rest (when stored in our databases), to prevent unauthorized access.
• Sensitive Data Handling: We automatically detect and redact certain sensitive identifiers (for example, if a passport number is detected in an email, our system will attempt to remove or mask it). We also avoid storing highly sensitive data such as passport numbers or full credit card numbers in our systems.
• Access Controls: We limit access to personal data to authorized personnel who need it to operate our service. Internal access to data is protected by role-based controls and is logged for security auditing.
• Network Security: We use firewalls, intrusion detection systems, and services like Cloudflare’s security features to protect our website and databases from malicious attacks. Our infrastructure is configured following industry best practices for security.
• Monitoring and Auditing: We maintain audit logs of system activity and regularly monitor for any suspicious behavior or vulnerabilities. We also periodically review our security measures and update them as needed.

While we strive to protect your personal information, please note that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. You use the Flyga service and provide personal data at your own risk, and you should also take steps to secure your own account (such as keeping your login credentials confidential).

11. Beta Status and AI Notice

Beta Service: Flyga is currently offered as an invite-only beta. This means the service is still in development and testing. Features may change, be added or removed, and you may encounter occasional bugs or downtime. We will do our best to maintain reliability, but some issues are expected during this phase.

AI-Generated Content: Some Flyga features use artificial intelligence to provide travel suggestions and insights. AI-generated recommendations may be incomplete, inaccurate, or outdated. Always verify important travel details independently (for example, check your flight status with the airline, confirm hotel check-in times, etc.). Flyga is not liable for any decisions you make based solely on AI-provided content, as further explained in our Terms of Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by email or via a prominent notice within the app or on our website. Please review this Policy periodically to stay informed about how we are protecting your information. The “Last Updated” date at the top indicates when the latest changes were made.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at [email protected]. We will do our best to address your inquiry promptly.