Privacy Policy

Last updated: 4 June 2026

SwiftJet is operated by [Legal Name], individual business / sole proprietorship registered in Greece, with registered address [Registered Address] and tax/VAT identifier [VAT / Tax ID] ("SwiftJet", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you use swiftjet.app, the SwiftJet customer app, the SwiftJet operator app, and related marketplace services.

1. Controller and contact details

For GDPR purposes, the controller is [Legal Name] trading as SwiftJet. You can contact us at info@swiftjet.app. For privacy requests, contact privacy@swiftjet.app. If we appoint a data protection officer, EU representative, or a separate company in Greece or Cyprus, this page will be updated before that change is relied on publicly.

2. Personal data we collect

• Account data: name, email, phone number, one-time password authentication events, authentication identifiers, profile photo, preferred language, country, currency, and account role.
• Booking data: requested activity, equipment, dates, guests, location, pricing, waivers, cancellation history, disputes, reviews, review-authenticity signals, support records, incident reports, and no-show/late-arrival records.
• Operator data: business profile, trader status, licenses, insurance evidence, fleet details, payout details, verification records, availability, images, staff contact details, tax details, and compliance notes.
• Payment data: payment status, transaction identifiers, refunds, deposits, chargebacks, payout records, fraud signals, and limited card metadata processed by Stripe; we do not store full card numbers.
• Communications: messages, support tickets, contact forms, moderation reports, notifications, call/email metadata, call or chat recordings where notice is provided, and feedback.
• Device and usage data: IP address, device identifiers, app version, browser type, operating system, logs, crash data, pages/screens visited, search activity, referral source, cookie identifiers, and approximate geolocation.
• Location data: approximate location from IP address and precise GPS location only when you grant device permission.
• User content data: listings, reviews, photos, videos, messages, profile text, uploaded documents, metadata, and other content that may include personal data about you or other identifiable people.
• Sensitive or special-category data: we do not intentionally request health, biometric, religious, political, or similar sensitive data. If you voluntarily include medical, disability, or incident information needed for safety, support, insurance, or legal claims, we process it only as necessary and where a lawful basis applies.

3. Sources of personal data

We collect data directly from you, from operators or customers you transact with, from payment and identity providers, from analytics, hosting, communications, fraud-prevention and support providers, from device/app permissions, and from public or official sources when verifying operators, safety, sanctions, fraud, or legal compliance. Where Article 14 GDPR requires indirect-source notices, we provide the required source and category information within the applicable timeframe unless an exemption applies.

4. How we use personal data

• Provide accounts, search, bookings, payments, refunds, messages, support, reviews, operator tools, safety flows, and legal documents.
• Verify operator eligibility, trader details, licenses, insurance, safety obligations, and marketplace trust signals.
• Send transactional emails, SMS or push notifications, booking reminders, receipts, support messages, security alerts, and service updates.
• Prevent fraud, abuse, money laundering, sanctions breaches, platform circumvention, unsafe activity, spam, unauthorized access, and violations of our terms.
• Monitor or review marketplace messages, support communications, listings, reviews, and incident reports where reasonably necessary for safety, fraud prevention, dispute resolution, moderation, legal compliance, or platform integrity.
• Improve, debug, personalize, measure, rank, and secure the platform.
• Send marketing only where permitted by law or consent, with opt-out controls.
• Comply with tax, accounting, consumer protection, maritime safety, platform regulation, sanctions, law-enforcement, court, and regulatory obligations.

5. Legal bases under GDPR

• Contract performance: account creation, bookings, payments, refunds, messaging, support, operator onboarding, and platform services requested by you.
• Legal obligation: tax records, accounting, lawful requests, sanctions screening, safety, consumer, and anti-fraud obligations.
• Legitimate interests: marketplace safety, fraud prevention, security, analytics, product improvement, ranking and search quality, dispute handling, operator verification, enforcing anti-circumvention rules, and defending legal claims.
• Consent: non-essential cookies, precise location, marketing communications where required, optional app permissions, and any optional processing where consent is the appropriate basis.
• Vital interests or legal claims: in rare safety incidents, emergencies, insurance, injury, or dispute contexts where processing is necessary.

6. Sharing of personal data

We share data only as needed with customers, operators, payment processors, identity/auth providers, hosting providers, database/storage providers, analytics providers, email/SMS/push providers, map/location providers, fraud-prevention providers, support tooling, professional advisers, insurers, banks, regulators, courts, law enforcement, tax authorities, and successor entities in a merger, restructuring, sale, or transfer of the SwiftJet business. We do not sell personal data.

In an incident, emergency, safety investigation, suspected unlawful activity, or serious dispute, we may share relevant booking, identity, contact, location, message, operator, insurance, medical, or incident information with operators, emergency services, coast guard, port or marina authorities, medical responders, insurers, payment providers, regulators, courts, law enforcement, or professional advisers where necessary and lawful.

Operators may act as independent controllers for personal data they receive to provide their own activities, comply with maritime, tax, insurance, and safety laws, or handle their direct customer relationship. Operators are responsible for their own privacy notices and lawful processing when acting independently.

Where a provider processes personal data for SwiftJet, we treat that provider as a processor and subprocessor chain where applicable, use contractual safeguards where required, and keep a provider inventory that can be published or provided on request once finalized. Provider names, purposes, processing locations, and transfer safeguards should be reviewed before launch and whenever major vendors change.

Payment providers, app stores, map providers, identity providers, and operator websites or waivers may also process data under their own terms and privacy notices when you interact with them directly. SwiftJet should publish vendor-specific links once final providers are confirmed.

7. Marketplace visibility and trader transparency

Customers and operators may see the information needed to complete a booking, including names, booking details, meeting points, messages, reviews, cancellation/dispute status, operator business details, and trader information required by law. Operators are responsible for providing accurate public-facing trader, license, insurance, price, tax, and cancellation information.

Listings, reviews, ratings, destination content, profile snippets, and safety or compliance badges may be public or visible to other marketplace users. Do not post private or sensitive information in public fields, reviews, or listing descriptions.

If you upload or submit photos, videos, documents, reviews, or messages containing another identifiable person, you are responsible for having a lawful basis or permission to do so where required. We may remove or restrict content that appears to violate another person’s privacy, image, publicity, intellectual property, safety, or data-protection rights.

8. Cookies, analytics, and app technologies

We use essential cookies and local storage for authentication, security, preferences, fraud prevention, and platform functionality. With consent where required, we may use analytics and measurement tools. You can manage non-essential cookie choices through the cookie banner or your browser/device settings. Mobile apps may request permissions for location, notifications, camera/photos, and device features only when needed for app functionality. Where legally required and technically supported, we honor Global Privacy Control or comparable opt-out preference signals for sale/sharing or targeted advertising choices.

You can withdraw optional app permissions through your device settings. Some features may stop working if permissions, cookies, push notifications, camera access, photo access, or precise location are disabled. Withdrawing consent does not affect processing already carried out lawfully before withdrawal.

9. Automated decision-making, ranking, and fraud controls

We may use automated or semi-automated systems to support fraud detection, spam prevention, risk scoring, search ranking, recommendations, moderation queues, and security alerts. These systems do not make solely automated decisions with legal or similarly significant effects without human review where required by law. Key marketplace ranking signals may include availability, destination, activity type, price, ratings, response time, verification status, safety/compliance indicators, distance, promotions, and relevance to search filters.

10. International transfers

Our providers may process data outside Greece, Cyprus, the EEA, or your country. Where required, we rely on adequacy decisions, Standard Contractual Clauses, transfer risk assessments, or other lawful safeguards. You may contact privacy@swiftjet.app for more information about transfer safeguards.

11. Retention

We keep personal data only as long as needed for the purposes described above. Typical retention periods are: account data for the account lifetime; booking, payment, invoice, tax, and payout records for up to 7 years or longer if legally required; dispute, fraud, safety, sanctions, and abuse records for the period necessary to protect users and defend claims; operator verification records while listed and for a reasonable post-termination period; marketing data until opt-out or consent withdrawal; technical logs for a limited security/debugging period unless needed for investigation. Deletion requests may be limited where retention is required for law, safety, fraud prevention, disputes, accounting, chargebacks, or legal claims.

Closing or deleting an account does not automatically cancel active bookings, waive unpaid amounts, remove public reviews where retention is lawful, or erase records we must keep for tax, accounting, safety, fraud, dispute, insurance, chargeback, regulatory, or legal-claims purposes. We may de-identify or aggregate data instead of deleting it where lawful.

12. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, portability, withdraw consent, and lodge a complaint with a supervisory authority. EEA users may contact the Hellenic Data Protection Authority or their local authority. California and other US residents may have additional rights to know, delete, correct, opt out of sale/sharing where applicable, limit certain sensitive data uses, and not be discriminated against for exercising rights. We do not sell personal information or knowingly share it for cross-context behavioral advertising without required notice and choice.

13. How to exercise rights

Email privacy@swiftjet.app with your request. We may need to verify your identity and account ownership before acting. We aim to respond within the period required by applicable law. If we refuse or limit a request, we will explain why where legally permitted.

If you use an authorized agent or representative, we may require proof of authorization and may still ask you to verify your identity directly where permitted by law. We request only information reasonably necessary to verify the request and protect other users. If fulfilling a request would reveal another person’s data, trade secrets, fraud signals, security information, or legally privileged material, we may redact, limit, or refuse the affected part where lawful.

For EEA GDPR requests, we aim to respond within one month of receiving a valid request, unless an extension is permitted for complex or numerous requests. Requests are generally free of charge, but we may refuse or charge a reasonable fee where a request is manifestly unfounded, excessive, repetitive, or abusive, as permitted by law.

14. Security

We use technical and organizational safeguards including access controls, encrypted transport, database permissions, audit logging, backups, least-privilege admin access, and provider security controls. No online service can guarantee absolute security. If a personal data breach is notifiable, we will notify the competent supervisory authority and affected individuals where required by GDPR or other applicable law.

You are responsible for keeping your email, phone number, device, and one-time password access secure. Notify us promptly if you suspect unauthorized account access, SIM swap, compromised email, or a fraudulent booking.

You should keep your contact, booking, payout, tax, and emergency-relevant information accurate and up to date. We are not responsible for missed notices, failed OTP delivery, payout delays, or booking issues caused by inaccurate or outdated information you control.

15. Children

SwiftJet is not directed to children. Users must be at least 18 or the age of majority required to create an account, list, or book. We do not knowingly collect children’s personal data.

If a child or minor participates in an activity booked by an adult, we may process limited participant information supplied by the booking customer or operator only as needed for safety, eligibility, insurance, incident response, legal compliance, or dispute handling. The adult providing that information must have authority to do so and must not submit more minor data than necessary.

16. Third-party links and operator documents

Operator websites, waivers, rental agreements, insurance documents, and third-party payment or identity pages may have separate privacy practices. Review those notices before providing information directly to them.

17. Changes to this policy

We may update this policy as SwiftJet, the legal entity, services, providers, or applicable law changes. Material changes will be posted here and, where appropriate, notified by email, in-app notice, or other reasonable means before they take effect.

18. Contact

For privacy requests email privacy@swiftjet.app. For general support email info@swiftjet.app. Registered address: [Registered Address]. Current legal identity fields are editable placeholders until you publish the final registered details.