Privacy Policy

1. Introduction

WingIt Aviation AS ("WingIt," "we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and related services ("Services").

By using WingIt, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Personal Information You Provide

When you use our Services, we collect the following personal information that you voluntarily provide:

• Contact Information: Full name, email address, phone number, and physical address
• Account Information: Username, password (encrypted), and profile preferences
• Travel Documents: Passport information, government-issued identification, and travel documents required for international private aviation compliance
• Payment Information: Payment card details, billing address, and transaction history (processed securely through Stripe)
• Booking Information: Flight preferences, travel history, passenger details, and special requests
• Emergency Contacts: Names and contact information of emergency contacts and travel companions from your device contacts
• Photos and Documents: Profile pictures, scanned travel documents, and identity verification photos uploaded through the App
• Customer Support Data: Correspondence, support tickets, feedback, and any information you provide when contacting us

2.2 Information Collected Automatically

When you use our App, we automatically collect certain information:

• Location Data: Precise location (GPS) when you grant permission, used to show nearby airports and provide accurate travel information
• Device Information: Device ID, operating system, app version, device model, and unique device identifiers
• Usage Data: App interactions, screen views, taps, flight searches, booking attempts, session duration, and feature usage
• User ID: Unique identifier assigned to your account (Firebase UID)
• Diagnostic Data: Crash logs, performance metrics, error reports, and technical diagnostic information
• Calendar Access: Calendar data (with permission) to add flight bookings to your calendar

2.3 Third-Party Data

We may receive information about you from third-party services:

• Authentication Providers: Information from Google, Apple, or other sign-in services you choose to use
• Payment Processors: Transaction confirmation and payment status from Stripe
• Aviation Partners: Flight availability, aircraft details, and booking confirmations from charter operators

3. How We Use Your Information

3.1 Primary Purposes

We use your information for the following purposes:

App Functionality:

• Create and manage your account
• Process flight bookings and reservations
• Verify your identity and authenticate access
• Comply with aviation regulations and legal requirements
• Process payments and prevent fraud
• Provide customer support and respond to inquiries
• Send booking confirmations, flight updates, and service notifications
• Ensure app security and prevent unauthorized access

Product Personalization:

• Customize your app experience with personalized greetings and content
• Recommend flights based on your location and preferences
• Suggest routes based on your booking history
• Display relevant flight offers and deals

Analytics and Improvements:

• Analyze app usage to improve features and user experience
• Understand user behavior and preferences
• Measure feature effectiveness and engagement
• Fix bugs, crashes, and performance issues
• Optimize app performance and scalability

Communications (If Applicable):

• Send marketing emails about new routes, special offers, and promotions (with your consent)
• Send SMS notifications about booking updates and flight changes (with your consent)
• You can opt-out of marketing communications at any time

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our Services and fulfill bookings
• Legal Obligation: Compliance with aviation regulations, tax laws, and legal requirements
• Legitimate Interests: Improving our Services, preventing fraud, and ensuring security
• Consent: Marketing communications, location tracking, and optional features (you may withdraw consent at any time)

5. How We Share Your Information

We do not sell your personal information to third parties. We may share your data with:

5.1 Service Providers

• Aviation Partners: Charter operators and aircraft providers to fulfill your bookings
• Payment Processors: Stripe for secure payment processing
• Cloud Services: Firebase (Google) for app infrastructure, authentication, and database
• Analytics Providers: Google Analytics for usage analysis and app improvement
• Communication Services: Email and SMS service providers for notifications
• Customer Support Tools: Platforms that help us provide support

5.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service and protect our rights
• Investigate fraud, security issues, or violations
• Protect the safety and rights of users and the public

5.3 Business Transfers

If WingIt is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: All sensitive data, including passport information and payment details, is encrypted both in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls limit employee access to personal data on a need-to-know basis
• Secure Infrastructure: We use Firebase's secure cloud infrastructure with regular security audits
• Authentication: Multi-factor authentication and biometric security options (Face ID/Touch ID)
• Monitoring: Continuous monitoring for security threats and unauthorized access
• Regular Updates: Regular security patches and updates to protect against vulnerabilities

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Services and maintain your account
• Comply with legal, tax, and regulatory requirements
• Resolve disputes and enforce our agreements
• Prevent fraud and ensure security

Specific Retention Periods:

• Account Data: Retained while your account is active and up to 7 years after deletion for legal compliance
• Booking Records: Retained for 7 years for tax and aviation compliance
• Passport Information: Retained only as long as necessary for completed bookings, then securely deleted
• Payment Data: Processed by Stripe; we retain minimal transaction records for 7 years
• Analytics Data: Aggregated and anonymized data may be retained indefinitely
• Support Tickets: Retained for 3 years for quality assurance and legal purposes

8. Your Privacy Rights

8.1 Rights for All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications at any time
• Data Portability: Request your data in a structured, machine-readable format

8.2 Additional Rights (GDPR - EEA, UK, Switzerland)

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict: Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

• Know what personal information is collected, used, and shared
• Delete personal information (with exceptions)
• Opt-out of the sale of personal information (we do not sell your data)
• Non-discrimination for exercising privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

8.4 How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@wingitjets.com
• Use the in-app settings to manage your account and preferences
• Call us at +47 984 36 850

We will respond to your request within 30 days (or as required by applicable law).

9. International Data Transfers

WingIt is based in Norway. If you use our Services from outside Norway, your information may be transferred to, stored in, and processed in Norway and other countries where our service providers operate.

For EEA/UK users: We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with adequate data protection
• Privacy Shield Framework (where applicable)

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze app usage and performance
• Provide personalized content and recommendations
• Measure the effectiveness of our Services

You can control cookie preferences through your device settings. For detailed information, see our Cookie Policy.

11. Third-Party Services

Our App integrates with third-party services:

• Firebase/Google Cloud: Authentication, database, analytics, and hosting
• Stripe: Payment processing
• Google Analytics: Usage analytics and insights

These services have their own privacy policies. We encourage you to review them:

• Firebase Privacy Policy: firebase.google.com/support/privacy
• Stripe Privacy Policy: stripe.com/privacy
• Google Privacy Policy: policies.google.com/privacy

12. Children's Privacy

WingIt is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately, and we will delete such information.

13. Do Not Track Signals

Our App does not currently respond to "Do Not Track" signals from browsers. We do not track users across third-party websites for advertising purposes.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an in-app notification or email
• Displaying a prominent notice in the App

Your continued use of our Services after such modifications constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: