Privacy Statement

1. Introduction

FLYYAT LLC ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Statement explains how we collect, use, and process your personal data when you use our website, mobile application, or any of our travel services (collectively, the "Services").

Please read this Privacy Statement carefully to understand our practices regarding your personal data. By continuing to use our Services, you acknowledge that you have read and understand this Statement.

2. Personal Data We Collect

We may collect personal data directly from you, automatically when you use our services, or from third-party sources (like partner airlines, hotels, or social media networks).

2.1 Personal Data You Provide

• Contact Information: Full name, email address, phone numbers, billing and shipping address.
• Account Information: Account credentials, passwords, travel preferences, loyalty program numbers.
• Booking Data: Passenger details, passports, known traveler numbers (e.g., TSA PreCheck), special requests (including dietary or accessibility needs), and emergency contacts.
• Payment Information: Credit card numbers, expiration dates, and billing addresses (stored and processed securely).

2.2 Personal Data Collected Automatically

• Device Information: Device type, operating system version, browser type, and IP address.
• Usage Data: Pages accessed, clicks, search histories, date and time of visits, and referring websites.
• Location Data: Approximate location based on your IP address, or precise location if you have enabled location services on your mobile device.

3. How We Use Your Personal Data

We use your data for several purposes, primarily grounded in fulfilling our contract with you (booking your travel) and our legitimate business interests. These uses include:

• Providing Services: Processing and managing travel bookings, verifying your identity, and sending booking confirmations and updates.
• Customer Service: Responding to inquiries, resolving disputes, and providing personalized traveler support.
• Marketing and Promotions: Sending you promotional offers, newsletters, and recommendations (with your consent, where legally required). You can opt out at any time.
• Analytics and Improvement: Analyzing how you use our Services to improve features, develop new products, and optimize the user experience.
• Fraud Prevention & Security: Detecting, investigating, and preventing fraudulent transactions, cyberattacks, or other illegal activities.

4. Sharing of Personal Data

We do not sell your personal data. However, we may share your data with:

• Travel Suppliers: Airlines, hotels, car rental agencies, and activity providers who fulfill your travel reservations.
• Affiliates and Subsidiaries: Companies within the FLYYAT Group to provide a cohesive booking experience and shared customer support.
• Service Providers: Third-party vendors who assist with IT infrastructure, payment processing, fraud prevention, marketing, and customer relationship management.
• Legal and Regulatory Authorities: When required by law to respond to subpoenas, court orders, or requests from government agencies (e.g., TSA or customs).
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as a business asset.

5. Our Use of Artificial Intelligence (AI)

We use Artificial Intelligence and Machine Learning algorithms to improve your travel experience. This includes personalizing recommendations (e.g., "Destinations you might like"), operating our virtual customer service Assistant, detecting fraudulent transactions in real-time, and predicting flight prices. These systems analyze vast amounts of data, including your past searches and bookings, to deliver a smarter and more secure platform. We adhere to responsible AI principles and ensure human oversight on critical decisions affecting your bookings.

6. Your Rights and Choices

Depending on your jurisdiction (such as under the GDPR or CCPA), you may have specific rights regarding your personal data:

• Access and Portability: You can request a copy of the personal data we hold about you.
• Correction: You can ask us to correct inaccurate or incomplete data.
• Deletion: You can request that we delete your personal data, subject to certain exceptions (like our legal obligation to keep booking records).
• Opt-Out of Marketing: You may unsubscribe from marketing emails via the link in the email or by adjusting your account preferences.

To exercise these rights, please contact our Data Protection Office at privacy@flyyat.com.

7. International Data Transfers & Global CBPR

FLYYAT operates globally. Your personal data may be transferred to, and processed in, countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses. FLYYAT also adheres to the Global Cross-Border Privacy Rules (CBPR) system framework requirements, which establishes a framework for ensuring data protection when transferring data across borders among participating economies.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, booking records are retained for seven years for tax and legal compliance.

9. Contact Us

If you have questions about this Privacy Statement or our data practices, please contact us:

• Email: privacy@flyyat.com
• Mailing Address: FLYYAT LLC, Attn: Data Protection Officer, 123 Market Street, Suite 400, San Francisco, CA 94102
• Phone: +1 (800) 555-BOOK