Privacy Policy

Depending on how you use FlyMeOut we process:

• Account & identity data - name, email, authentication identifiers from Clerk, and role metadata (admin, beta tester, waitlist).
• Travel preference data - route names, airport codes, cabin class, travel dates, price thresholds, flexible date ranges, loyalty numbers, and notes you add to a watch.
• Transactional & support records - waitlist submissions, feedback, support tickets, and responses to surveys or promotions.
• Usage and device data - log files, IP address, locale, browser version, device identifiers, and product analytics events that help us understand feature adoption.
• Derived insights - price deltas, alert history, and aggregated metrics we calculate from Amadeus and other fare sources to surface trends back to you.
• Partner-sourced data - enriched airport metadata, airline names, and downstream reference data delivered via our backend integrations.

• Authenticating and securing accounts via Clerk, enforcing admin/waitlist rules, and preventing fraud or abuse.
• Configuring, running, and troubleshooting watches, snapshots, alerts, hotel experiments, and waitlist workflows.
• Personalizing dashboards, recommended routes, and notification pacing based on your historical usage.
• Conducting analytics, forecasting, and benchmarking to keep alerts trustworthy without exposing individual itineraries.
• Sending transactional emails or push notifications about watch status, product changes, or required legal updates.
• Marketing FlyMeOut features (only with the preferences you set) and measuring the performance of campaigns.
• Complying with applicable law, responding to lawful requests, and enforcing agreements or policies.

• Contractual necessity - delivering the flight price monitoring capabilities you ask us to run.
• Legitimate interests - securing the platform, preventing abuse, and improving accuracy in ways that do not override your rights.
• Consent - sending optional marketing messages, enabling non-essential cookies, or honoring beta research programs.
• Legal obligation - record keeping, responding to regulators, tax authorities, or law enforcement when required.

• Infrastructure & security partners - Vercel (hosting), Supabase/PostgreSQL (data storage via backend), Clerk (identity), logging and monitoring vendors.
• Travel & data suppliers - Amadeus, airline reference providers, or hotel partners strictly to fetch fares or enrich your watches.
• Analytics & communications - product analytics, survey, and email delivery tools that help us understand engagement and send updates.
• Professional advisors - auditors, legal counsel, or insurers when needed to protect FlyMeOut and our users.
• Regulators & law enforcement - when we must respond to lawful requests, enforce our agreements, or protect users from harm.

• Profile controls - update or delete account data through your settings or by contacting us.
• Marketing opt-out - every promotional email includes an unsubscribe link; you can also opt out inside settings.
• Access, correction, deletion, portability, or restriction requests - available to all users, with additional statutory rights for EEA/UK/Swiss (GDPR) and U.S. state privacy laws (including CCPA/CPRA, CPA, VCDPA). Submit requests via privacy@flymeout.com.
• Authorized agent requests (California) - agents must present verifiable proof of authority before we respond.
• Appeals - if we deny a privacy request, U.S. residents covered by state laws may appeal by replying to our decision email.

• Essential cookies - keep you signed in through Clerk, route requests through Vercel, and secure the waitlist and dashboard.
• Functional analytics - product analytics that aggregate engagement signals so we can benchmark alert performance without storing raw itinerary details for longer than necessary.
• Optional marketing cookies - only activated if you opt in to beta promos; you can change this anytime inside the app or via your browser controls.