Privacy Policy

SwiftJet ("we", "us", or "our") operates the website swiftjet.app and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

Information you provide

• Account data — name, email address, phone number, and profile photo when you register.
• Social Sign-In data — when you authenticate via Apple Sign-In or Google Sign-In, we receive your name, email address, and a unique account identifier. We do NOT receive your Apple or Google password.
• Booking data — rental dates, locations, equipment preferences, and guest details.
• Payment data — processed securely by Stripe. We do not store your full card number.
• Communications — messages sent through our platform, support requests, and feedback.
• Operator data — business licences, tax identification, fleet details, and bank information for payouts.

Information collected automatically

• Device & browser data — IP address, browser type, operating system, and device identifiers.
• Usage data — pages visited, features used, search queries, and referral sources.
• Location data — approximate location derived from your IP address or, if you grant permission, precise GPS coordinates.

2. How We Use Your Information

• Process and manage bookings between customers and operators.
• Facilitate payments, refunds, and payouts via Stripe.
• Send transactional emails (booking confirmations, receipts) via Resend.
• Improve our platform, personalise your experience, and analyse usage trends.
• Prevent fraud, enforce our terms, and comply with legal obligations.
• Send promotional communications (only with your consent; you can opt out at any time).

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal grounds:

• Contract performance — processing necessary to fulfil bookings, process payments, and deliver the services you have requested.
• Legitimate interest — fraud prevention, platform security, service improvement, and internal analytics, where these interests are not overridden by your rights.
• Consent — marketing emails, analytics cookies, and precise location access. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legal obligation — retention of tax records, compliance with safety regulations, and responding to lawful requests from authorities.

4. Cookies & Tracking

We use cookies and similar technologies to operate and improve our platform. The categories of cookies we use are:

• Essential — authentication session tokens, CSRF protection tokens, and language/currency preferences. These are strictly necessary and cannot be disabled.
• Analytics — Google Analytics (GA4) to understand how our platform is used, measure feature adoption, and identify performance issues.
• Functional — Mapbox cookies and local storage required for map rendering and location services.

A cookie consent banner is displayed on your first visit, allowing you to accept or reject non-essential cookies. You can update your preferences at any time. For full details, see our Cookie Policy.

5. Third-Party Services

We share data with trusted third parties only as necessary to operate our platform:

• Stripe — payment processing. See Stripe's Privacy Policy.
• Supabase — database hosting and authentication. See Supabase's Privacy Policy.
• Resend — transactional email delivery. See Resend's Privacy Policy.
• Mapbox — map rendering and location services. See Mapbox's Privacy Policy.
• Google Analytics — usage analytics. See Google's Privacy Policy.
• Apple / Google — authentication via Sign-In. See Apple's Privacy Policy and Google's Privacy Policy.
• Vercel / Coolify — hosting infrastructure. See Vercel's Privacy Policy.

We do not sell your personal data to any third party.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Booking records are kept for up to 7 years for tax and legal compliance. You may request deletion of your account and personal data at any time.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your personal data ("right to be forgotten").
• Restrict or object to processing of your data.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority.

8. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information:

• Right to know — you may request details about the categories and specific pieces of personal information we have collected about you.
• Right to delete — you may request the deletion of personal information we have collected from you, subject to certain exceptions.
• Right to opt-out of sale — we do not sell your personal information to third parties and have no plans to do so.
• Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at privacy@swiftjet.app.

9. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users and relevant supervisory authorities within 72 hours as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you directly without undue delay.

10. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child, we will promptly delete it.

12. International Transfers

Your data may be processed in countries outside the EEA. Where this occurs, we ensure adequate safeguards are in place, such as EU Standard Contractual Clauses.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: info@swiftjet.app
• Website: swiftjet.app/contact

For data protection inquiries, contact our Data Protection Officer at privacy@swiftjet.app.

SwiftJet, Athens, Greece