Privacy Policy

Last updated: May 2025

BRAYH ("we", "our", "us") is committed to protecting your privacy. This policy explains what personal data we collect when you use the BRAYH private aviation platform (website and mobile app), how we use it, and your rights in relation to that data.

1. Information We Collect

We collect information you provide directly, including:

  • Account data — full name, email address, phone number, and country when you register.
  • Passenger data — first name, last name, date of birth, passport number, and nationality for each traveller on a booking.
  • Communications — messages you send via our in-app support system.
  • Device data — device model, OS version, and FCM token used to deliver push notifications.

We also collect data automatically:

  • IP address, browser user-agent, and pages visited for security and analytics purposes.
  • Request logs (method, path, response status, duration) to monitor platform health.

2. How We Use Your Information

  • Processing and managing your flight bookings.
  • Sending booking confirmations, status updates, and support replies by push notification and email.
  • Verifying passenger identity as required by aviation regulations.
  • Detecting and preventing fraud or unauthorised access.
  • Improving and troubleshooting the platform.

3. Payment Data

Payment card details are handled exclusively by Stripe, our PCI-DSS compliant payment processor. BRAYH never stores raw card numbers, CVVs, or expiry dates. We store Stripe payment intent references and transaction status only.

4. Sharing Your Information

We do not sell your personal data. We may share it with:

  • Aircraft operators — passenger manifest data (names, passports, nationalities) required to operate your chartered flight.
  • Stripe — solely to process payments.
  • Firebase (Google) — to deliver push notifications to your device.
  • Regulatory authorities — where required by aviation law or a lawful court order.

5. Data Retention

We retain your account and booking data for as long as your account is active and for up to 7 years thereafter to satisfy legal, tax, and regulatory obligations. Passenger passport data associated with completed flights is retained for 5 years and then deleted. You may request earlier deletion subject to applicable legal requirements (see Your Rights below).

6. Security

We use industry-standard measures to protect your data, including TLS encryption in transit, AES-256-GCM encryption for sensitive fields in logs, strict session management, and CSRF protection on all state-changing requests. Access to personal data is restricted to authorised personnel only.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data (subject to legal retention obligations).
  • Object to or restrict certain processing.
  • Receive your data in a portable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at the address below.

8. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.

For any privacy-related questions or to exercise your rights, contact us at privacy@brayh.com.