FLYRADA

Legal · Policy 01

Privacy Policy

Last updated 28 May 2026. This policy explains what data FlyRada processes, why, and the rights you have over it.

1. Who we are

FlyRada Ltd (“FlyRada”, “we”, “our”) is a company registered in England and Wales under company number 14872091, with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. We are the data controller for personal data processed through our website (flyradaltd.com) and customer portal.

For privacy questions contact our Data Protection Officer at contact@flyradaltd.com.

2. What data we collect

  • Account data: name, business email, billing address, VAT ID, phone.
  • Billing data: card last 4 digits, SEPA mandate reference, invoice history. Card numbers are handled by Stripe, a PCI-DSS Level 1 processor — we never store full PANs.
  • Technical data: IP address, browser user-agent, request logs, API call metadata, server resource telemetry.
  • Support data: emails, ticket transcripts, call recordings (with consent).
  • Marketing data: only if you opt in to our newsletter.

3. Lawful bases (Article 6 UK/EU GDPR)

  • Contract — to provision and bill the services you order.
  • Legal obligation — accounting, tax, abuse reporting, lawful interception requests.
  • Legitimate interests — fraud prevention, network security, service improvement.
  • Consent — non-essential cookies and marketing emails. You may withdraw consent at any time.

4. How long we keep it

Account and billing records are retained for 7 years after closure to satisfy HMRC obligations. Server access logs are retained for 90 days. Support tickets are retained for 24 months. Marketing data is deleted within 30 days of unsubscribe.

5. Who we share data with

We share the minimum necessary data with: Stripe (payments), Sendgrid (transactional email), Cloudflare (edge security), our colocation partners (Equinix LD8, Telehouse North), and HMRC where legally required. All processors are bound by Article 28 DPAs and EU SCCs where applicable.

6. International transfers

Production data stays within the UK and EU. The only transfers outside that region are aggregated telemetry to Stripe (US, under the EU-US Data Privacy Framework) and Sendgrid (US, EU SCCs + supplementary measures).

7. Your rights

You may request access, rectification, erasure, restriction, portability, or object to processing. To exercise these, email contact@flyradaltd.com. We respond within 30 days. You also have the right to lodge a complaint with the UK ICO (ico.org.uk) or your local EU supervisory authority.

8. Security

We operate an ISO 27001 and SOC 2 Type II certified ISMS. Data at rest is encrypted with LUKS/AES-256; data in transit uses TLS 1.3. Privileged access is gated by hardware MFA and recorded.

9. Cookies

The flyradaltd.com marketing site uses a strictly necessary session cookie and, with consent, Plausible Analytics (cookieless). The customer portal uses an auth cookie required to keep you signed in.

10. Changes

We will notify account holders by email at least 30 days before any material change to this policy.