1. Data We Collect

When you make a booking, we collect:

• Personal information: full name, date of birth, nationality, email address, phone number
• Passport data: passport number (encrypted at rest with AES-256-GCM), passport photo page image, selfie
• Flight details: flight number, date, terminal
• Payment data: blockchain transaction hash, wallet address (sender), payment amount, chain and token

2. How We Use Your Data

Your data is used exclusively to:

• Process and fulfil your booking
• Forward necessary details to the partner operator at the airport
• Send your electronic voucher
• Handle support inquiries and refund requests

3. Data Retention

Passport data (encrypted passport numbers, passport photos, selfies) is automatically purged 30 days after the flight date to minimise data exposure risk.

Blockchain transaction records are retained indefinitely as they are publicly available on-chain and serve as proof of payment.

Booking records (name, contact, flight) are retained for up to 12 months for support and dispute resolution, then anonymised.

4. Data Security

Passport numbers are encrypted using AES-256-GCM with a unique IV per entry. Decryption is only performed on-demand by authorised admin personnel, and every decryption event is logged in an immutable audit trail including timestamp, admin identity, and IP address.

Images are stored in encrypted-at-rest blob storage and served via time-limited signed URLs.

5. Third Parties

We share the minimum necessary information with our airport partner operator to deliver the fast-track service. We do not sell, rent, or share your personal data with any other third party.

6. Your Rights

You may request access to, correction, or deletion of your personal data at any time by contacting us. Deletion requests will be honoured within 30 days, subject to legal retention requirements.