Skyway Private, Privacy Policy

1. Introduction

Welcome to Skyway Private, Inc. ("Skyway Private," "we," "us," or "our"). Skyway Private operates a digital marketplace platform connecting pilots, aircraft operators, schedulers, and fleet managers with Fixed Base Operators (FBOs) for ground handling services, including ramp space, hangar access, fuel services, catering, and related aviation services.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, mobile application, and services (collectively, the "Platform"). By accessing or using the Platform, you agree to the terms of this Privacy Policy.

Our Commitment: We are committed to protecting your privacy and handling your data transparently and securely. We comply with applicable data protection laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other relevant privacy regulations.

2. Information We Collect

We collect information in several ways when you use our Platform:

2.1 Information You Provide Directly

Account Registration:

• Name, email address, phone number
• Company name and position (for business accounts)
• Username and password
• Billing and payment information
• Tax identification numbers (for FBO partners)

Operator/Pilot Information:

• Aircraft details (tail number, make, model, type)
• Flight department information
• Pilot certifications (if voluntarily provided)
• Scheduling preferences and contact information

FBO Partner Information:

• Facility details (location, services offered, operating hours)
• Pricing information
• Availability calendars
• Staff contact information
• Banking and payment processing details

Booking Information:

• Departure and arrival airports
• Flight dates and times
• Aircraft details
• Service requests (fuel, hangar, catering, ground transportation)
• Special instructions or preferences
• Communication with FBOs

Communications:

• Messages sent through our Platform between operators and FBOs
• Customer support inquiries and correspondence
• Survey responses and feedback

Payment Information:

• Credit card or payment method details (processed through our secure payment processor)
• Billing address
• Transaction history

2.2 Information Collected Automatically

Usage Data:

• Pages viewed, features accessed, time spent on Platform
• Search queries and booking patterns
• Device information (type, operating system, browser)
• IP address and general location data
• Referring/exit pages and URLs

Cookies and Tracking Technologies:

• Session cookies (essential for Platform functionality)
• Persistent cookies (for preferences and analytics)
• Web beacons and pixel tags
• Analytics tools (Google Analytics, etc.)

Location Data:

• Approximate location based on IP address
• Precise location (only with your permission for mobile app features)

2.3 Information from Third Parties

We may receive information from:

• FBO Management Systems: X-1FBO, FlightBridge, and other integrated systems
• Payment Processors: Stripe, PayPal, or other payment services
• Service Partners: Rental car companies (Enterprise, Hertz, Go Rentals), fuel providers
• Identity Verification Services: For fraud prevention and account security
• Public Sources: Airport data, aviation directories, publicly available business information

3. How We Use Your Information

We use your information for the following purposes:

3.1 Platform Operations

• Booking Facilitation: Process and manage bookings between operators and FBOs
• Account Management: Create, maintain, and secure user accounts
• Payment Processing: Complete transactions and issue invoices/receipts
• Communication: Send booking confirmations, updates, and service-related messages
• Customer Support: Respond to inquiries and resolve issues

3.2 Platform Improvement

• Analytics: Understand usage patterns and improve user experience
• Demand Forecasting: Provide FBOs with predictive analytics and insights
• Product Development: Develop new features and services
• Quality Assurance: Monitor and improve Platform performance

3.3 Business Operations

• Fraud Prevention: Detect and prevent fraudulent activity
• Legal Compliance: Meet regulatory and legal obligations
• Safety and Security: Protect Platform integrity and user safety
• Business Analytics: Generate reports and insights for strategic decisions

3.4 Marketing and Communications

• Promotional Communications: Send newsletters, updates, and promotional offers (with consent)
• Surveys and Feedback: Request input on services and experiences
• Partner Communications: Inform FBOs about new operators or market opportunities

3.5 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your data based on:

• Contract Performance: Processing necessary to fulfill our services
• Legitimate Interests: Platform improvement, fraud prevention, analytics
• Consent: Marketing communications, optional features
• Legal Obligation: Compliance with applicable laws

4. How We Share Your Information

We share your information only as described below:

4.1 With FBOs and Operators

• Booking Details: Share relevant booking information between operators and FBOs
• Contact Information: Enable communication for service coordination
• Flight Information: Provide aircraft details necessary for ground handling

4.2 Service Providers

We share information with trusted third-party service providers who assist with:

• Payment processing (Stripe, PayPal)
• Cloud hosting and data storage (AWS, Google Cloud)
• Analytics and performance monitoring (Google Analytics)
• Customer support tools
• Email and communication services
• Security and fraud prevention

4.3 Integration Partners

• FBO Management Systems: X-1FBO, FlightBridge (for booking synchronization)
• Rental Car Partners: Enterprise, Hertz, Go Rentals
• Fuel Providers: AvFuel, World Fuel Services, AEG Fuels, Titan Aviation Fuels
• Other Aviation Services: As requested by users

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.5 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal process, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect our rights, property, or safety, or that of our users or the public
• Investigate fraud, security issues, or technical problems

4.6 Aggregated or Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, such as industry trends, market statistics, or demand forecasting insights.

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Essential Cookies:

• Required for Platform functionality
• Enable account login and booking processes
• Maintain session security

Functional Cookies:

• Remember your preferences and settings
• Improve user experience
• Store language and location preferences

Analytics Cookies:

• Understand how users interact with the Platform
• Measure performance and identify areas for improvement
• Track aggregated usage statistics

Marketing Cookies:

• Deliver relevant advertisements
• Measure effectiveness of marketing campaigns
• Retarget visitors with relevant offers

5.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may limit Platform functionality. Most browsers allow you to: view and delete cookies; block third-party cookies; block all cookies (may impact site functionality); receive notifications when cookies are set.

5.3 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. Our Platform does not currently respond to DNT signals, but we provide cookie management options as described above.

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption in transit (TLS/SSL) and at rest
• Secure payment processing (PCI DSS compliant)
• Regular security audits and penetration testing
• Secure cloud infrastructure with redundancy

Organizational Safeguards:

• Limited access to personal data (need-to-know basis)
• Employee training on data protection
• Confidentiality agreements with service providers
• Incident response procedures

Account Security:

• Secure password requirements
• Account lockout after failed login attempts
• Optional two-factor authentication (when available)

Important Note: While we take reasonable precautions, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

• Account & Profile Data: Duration of active account + 30 days after closure
• Booking & Transaction Records: 7 years from transaction date
• Payment Information: Tokenized data retained for active payment methods; transaction receipts retained for 7 years
• Communications: 3 years from date of communication
• Analytics & Usage Data: Aggregated/anonymized: indefinitely; Individual usage logs: 2 years
• Marketing Data: Until unsubscribe or account closure + 30 days; suppression lists retained indefinitely
• Legal/Compliance Records: 7 years minimum
• Cookies: Session cookies: end of browser session; Persistent cookies: 12–24 months

You may request deletion of your data at any time, subject to legal obligations and legitimate business needs.

8. Your Privacy Rights

8.1 Rights for All Users

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Opt-Out: Unsubscribe from marketing communications
• Account Closure: Delete your account at any time

8.2 California Residents (CCPA Rights)

If you are a California resident, you have additional rights:

• Right to Know: Request details about the personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Opt-Out: Opt-out of the "sale" of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without discriminatory treatment

How to Exercise CCPA Rights: Contact us at privacy@skywayprivate.com or call (toll-free number TBD). We will verify your identity and respond within 45 days.

8.3 European Users (GDPR Rights)

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access: Obtain a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit how we process your data
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for processing based on consent
• Lodge a Complaint: File a complaint with your local data protection authority

International Data Transfers: We transfer data from the EEA to the United States. We implement appropriate safeguards, including Standard Contractual Clauses, to protect your information.

How to Exercise GDPR Rights: Contact us at privacy@skywayprivate.com. We will respond within 30 days.

9. Children's Privacy

Skyway Private is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@skywayprivate.com, and we will promptly delete such information.

10. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, or services, including: FBO websites; rental car booking sites; fuel provider platforms; payment processors.

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information. This Privacy Policy applies only to information collected through the Skyway Private Platform.

11. International Users

Skyway Private is based in the United States. If you access the Platform from outside the U.S., your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

For European Users: We comply with GDPR requirements and implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

By using the Platform, you consent to the transfer of your information to the United States and other countries where we operate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will: update the "Last Updated" date at the top of this policy; notify you via email or Platform notification for material changes; provide prominent notice on the Platform.

Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our website.

14. Additional Information

14.1 Automated Decision-Making

We may use automated systems for: fraud detection and prevention; demand forecasting and pricing recommendations; search result ranking. You have the right to request human review of automated decisions that significantly affect you.

14.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will: notify affected users within 72 hours (as required by GDPR); notify relevant supervisory authorities as required by law; provide information about the breach and steps to protect yourself.

14.3 California "Shine the Light" Law

California residents may request information about disclosures of personal information to third parties for direct marketing purposes. To make such a request, contact us at privacy@skywayprivate.com.