Privacy Policy

Privacy Policy — Fly Club

Owner/Operator: Fly Club (“Fly Club,” “we,” “us,” “our”)

1) Scope and who this applies to

  • This policy covers personal data we process through our website, apps, customer support, WhatsApp/SMS, and any other services we operate (collectively, the “Service”).

  • It applies to visitors, customers, and account holders.

  • Additional notices may apply if required by your local law (for example, the EU/EEA, UK, or California).

2) The data we collect

a) Data you give us

  • Account details: name, email, phone number, password.

  • Order and billing details: shipping/billing addresses, payment method info (tokenized; we don’t store full card numbers), GST details if provided.

  • Communications: messages you send via email, contact forms, chat, WhatsApp/SMS, phone call recordings where permitted.

  • Submissions: reviews, ratings, survey responses, support tickets, attachments.

  • Identity & verification (only if required for a service): ID numbers or documents, selfies, or signatures.

b) Data collected automatically

  • Device and log data: IP address, browser type, device IDs, OS, referral URLs, pages viewed, session timestamps, crash logs.

  • Cookie/SDK data: identifiers stored via cookies, local storage, and mobile SDKs to remember preferences, secure sessions, and measure usage.

  • Approximate location: inferred from IP to localize content and prevent fraud.

c) Data from third parties

  • Payment, fraud, and logistics partners: payment status, chargeback signals, delivery status.

  • Analytics and advertising partners: aggregated performance metrics, campaign attribution.

  • Social/media sign-ins (if enabled): profile basics you permit us to access.

We don’t intentionally collect sensitive personal data unless you choose to provide it for a specific purpose and we have a lawful basis to process it.

3) Why we use your data (purposes + legal bases)

We process data to:

  • Provide the Service and fulfill orders (contract): create/manage accounts, process payments, deliver products/services, provide customer support.

  • Communicate with you (contract, legitimate interests, consent where required): transactional emails/SMS/WhatsApp, service notices, policy updates.

  • Improve and secure the Service (legitimate interests): debugging, analytics, A/B testing, fraud prevention, abuse detection.

  • Legal and compliance (legal obligation): tax, accounting, responding to lawful requests.

  • Marketing with your consent (consent/legitimate interests where allowed): only non-essential messages; you can opt out anytime.

Under India’s Digital Personal Data Protection Act, 2023 (DPDP Act), we rely on consent and other lawful uses permitted by the Act. For EU/UK users, we rely on contract, legitimate interests, consent, and legal obligation as defined under GDPR/UK GDPR. For California residents, we adhere to CPRA requirements described below.

4) Cookies and similar technologies

We use:

  • Strictly necessary cookies for login, security, and core site features.

  • Functional cookies to remember preferences.

  • Analytics cookies/SDKs to understand usage and improve performance.

  • Advertising/measurement tags (only if/when used) to measure campaign performance; we do not sell your data.

Your choices: You can manage cookies via our banner (where available) and your browser settings. Blocking certain cookies can break parts of the site.

5) How we share data

We don’t sell personal data. We share it only with:

  • Service providers/Processors: hosting, payment gateways, fraud screening, analytics, customer support, email/SMS/WhatsApp delivery, logistics. They act under contracts that limit use to our instructions.

  • Business transfers: merger, acquisition, financing, or sale of assets (your data may transfer with the business).

  • Legal reasons: if required by law, court order, or to protect our rights, users, or the public.

  • With your direction: for example, when you request we share information with a partner or integrate a third-party service.

6) International transfers

Our providers may process data outside your country. When we transfer data internationally, we use safeguards recognized by applicable law (e.g., contractual clauses). Under India’s DPDP Act, cross-border transfers are allowed unless specifically restricted by the Government of India.

7) Retention

We keep personal data only as long as necessary for the purposes above, including:

  • Account and order records: for the life of your account plus the time needed for legal, tax, and accounting requirements.

  • Communications and support tickets: for service history and QA, typically 24–36 months unless law requires longer.

  • Analytics data: typically aggregated or anonymized after defined periods.
    When data is no longer needed, we delete or anonymize it.

8) Security

We use administrative, technical, and physical safeguards: encryption in transit, access controls, least-privilege practices, monitoring, and regular reviews. No system is perfect; if a breach happens, we’ll notify you and regulators as required by law.

9) Your rights

a) India (DPDP Act, 2023)

You can:

  • Access your personal data.

  • Correct inaccurate or incomplete data.

  • Delete personal data when it’s no longer necessary or consent is withdrawn.

  • Grievance redressal via our Grievance Officer.

  • Nominate (designate) another person to exercise rights in case of death or incapacity (write to us to record a nominee).

b) EU/EEA & UK (GDPR/UK GDPR)

You can request:

  • Access, rectification, erasure, restriction, and portability.

  • Objection to processing based on legitimate interests and to direct marketing.

  • Withdrawal of consent at any time (won’t affect prior processing).

  • Complaint to your local supervisory authority.

c) California (CPRA)

You have:

  • Right to know categories and specific pieces of personal information we collect.

  • Right to delete data (with certain exceptions).

  • Right to correct inaccurate data.

  • Right to opt out of “sharing” for cross-context behavioral advertising (we currently do not sell personal information).

  • Right to non-discrimination for exercising rights.

How to exercise rights: Email support@flyclub.com with “Privacy Request” in the subject. We’ll verify your identity and respond within the timelines required by law. Authorized agents may act on your behalf where permitted.

10) Children’s privacy

Our Service isn’t directed to children under 13. We don’t knowingly collect data from children. If you believe a child provided data, contact us and we’ll delete it as required.

11) WhatsApp, SMS, and phone communications

If you contact us or opt in to updates by WhatsApp/SMS/phone:

  • We’ll send transactional and service messages (e.g., order updates, support).

  • You can opt out of non-essential messages anytime by replying with the indicated keyword or contacting support.

  • Messaging providers may receive metadata necessary to deliver messages.

12) Payments

Payments are processed by third-party gateways. We receive payment confirmations and limited instrument details (e.g., last 4 digits, brand) but not full card numbers. Disputes/chargebacks may involve sharing relevant records with banks or networks to resolve the claim.

13) Third-party links and services

Links on our site may take you to other websites or apps. Their privacy practices are their own. Review their policies; we aren’t responsible for them.

14) Automated decision-making and profiling

We may use limited automated checks (e.g., fraud screening, bot detection). These systems help protect accounts and transactions. If an automated decision significantly affects you and your law gives you a right to object or request human review, contact us.

15) Do Not Track / Global Privacy Control

Some browsers send “Do Not Track” or Global Privacy Control signals. Where legally required and technically feasible, we’ll honor recognized signals for opt-out preferences related to advertising or sharing.

16) Changes to this policy

We’ll update this policy when needed. If changes are material, we’ll give you reasonable notice (site banner or email). The “Effective date” at the top tells you when it took effect. Keep using the Service after an update, and you’re agreeing to the new version.

17) Contact and grievance redressal

Primary contact:
Fly Club
Bhardwaj Marg, Greater Kailash, Delhi 110048, India
📧 support@flyclub.com • 📞 +91 7450945725

Grievance Officer (India):
We’ve appointed a Grievance Officer for complaints under applicable Indian law.
Email: support@flyclub.com (subject: “Grievance – Privacy”)
Address/Phone: same as above

We aim to acknowledge grievances within 48 hours and resolve them within 30 days, or as required by law.

18) CPRA “Notice at Collection” (California)

Categories we collect: Identifiers (name, email, phone), commercial information (orders), internet activity (logs/analytics), geolocation (approximate), inferences (preferences), and payment-related information (tokenized).
Sources: You, your devices, service providers, analytics, payment/logistics partners.
Purposes: Provide services, security/fraud prevention, analytics, communications, compliance.
Sharing/Selling: We do not sell personal information. We do not knowingly share for cross-context behavioral advertising.
Retention: Kept as outlined in Section 7.
Your rights: See Section 9(c).

19) Country-specific notes

  • India: Processing follows the DPDP Act, 2023 and its rules. Cross-border transfers follow Government notifications.

  • EU/UK: If you’re in the EU/UK, GDPR/UK GDPR rights in Section 9(b) apply. Our lawful bases are listed in Section 3.

  • Other regions: We follow local laws where applicable. If a right granted by your local law isn’t listed, contact us and we’ll address it.

20) Final notes

What this really means is: we use the minimum data needed to run Fly Club, keep it safe, and make your experience better. You control your choices, and we’re here to help you exercise them.

Shopping Cart
Scroll to Top