Privacy Policy

Last updated · April 23, 2026

This Privacy Policy explains how Point2Air ("Point2Air," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you use our website and services (the "Service"). It applies to all users of the Service and is incorporated by reference into our Terms of Service.

1. Information We Collect

Information you provide

  • Account information: first name, last name, email address, and a hashed password. If you sign in through Google, we receive the limited profile information Google shares (typically name, email, and avatar).
  • Search activity: the flight routes, dates, cabin classes, passenger counts, and filter selections you enter into the Service.
  • Saved preferences (optional): saved trips, saved searches, and any travel preferences you choose to store. These fields are opt-in.
  • Communications: the contents of messages you send us through support channels and any feedback you submit.

Information collected automatically

  • Device and connection data: IP address, browser type and version, operating system, device identifiers, language settings, and referring URLs.
  • Usage data: pages viewed, links clicked, features used, timestamps, and approximate session duration.
  • Cookies and similar technologies: see Section 5 below.

Information we do not collect

We do not collect precise geolocation, biometric data, health information, contents of your contacts or calendar, or financial account numbers. If we add payment features in the future, card data will be handled directly by a PCI-DSS-compliant processor and we will update this Policy before collection begins.

2. How We Use Information

We use the information we collect to:

  • Create and maintain your account and authenticate you;
  • Provide, operate, and personalize the Service, including ranking and recommending flights and transfer partners based on your search activity and preferences;
  • Improve the Service, develop new features, and conduct internal analytics and research;
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms;
  • Communicate with you about service updates, security notices, and (where you have opted in) marketing communications;
  • Comply with legal obligations and respond to lawful requests from public authorities.

We do not sell your personal information, and we do not use it for targeted advertising or to build profiles for third-party advertisers.

3. How We Share Information

We share personal information only as described below:

  • Service providers: vendors that host infrastructure, provide authentication, send transactional email, analyze usage, or supply flight and award data. Current categories include Supabase (authentication and database), our hosting provider, and the flight-data APIs we query on your behalf. These vendors are bound by contract to use personal information only to perform services for us.
  • Legal and safety: law enforcement, courts, regulators, or other third parties when we reasonably believe disclosure is required by law, to protect rights and safety, or to investigate fraud or abuse.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of substantially all of our assets, subject to customary confidentiality safeguards.
  • With your consent: any other sharing will be with your prior consent.

4. Data Retention

We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. Search history and usage logs are retained in identifiable form for up to 24 months, after which we delete them or aggregate and anonymize them. You may request earlier deletion as described in Section 7.

5. Cookies and Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service against fraud, and understand how the Service is used. You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

6. Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access. No security measure is perfect, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and the appropriate authorities in accordance with the New Jersey Identity Theft Prevention Act and other applicable laws.

7. Your Rights and Choices

Regardless of where you reside, we offer every user the following rights with respect to their personal information:

  • Access: request a copy of the personal information we hold about you;
  • Correction: request that we correct inaccurate personal information;
  • Deletion: request that we delete your account and associated personal information;
  • Portability: request a machine-readable copy of the personal information you provided to us;
  • Opt-out of marketing: unsubscribe from marketing emails at any time using the link in each message;
  • Opt-out of sale or targeted advertising: we do not engage in either, but if that ever changes you will be given an opt-out mechanism before any such processing begins;
  • Non-discrimination: we will not deny service, change pricing, or reduce quality because you exercised a privacy right.

To exercise any of these rights, email privacy@point2air.com. We will respond within 45 days, or sooner where required by law. We may need to verify your identity before fulfilling a request.

8. New Jersey Residents

If you are a New Jersey resident, you have the rights described above under the New Jersey Data Privacy Act (effective January 15, 2025). You also have the right to appeal a refusal to take action on your request by replying to our response email or contacting privacy@point2air.com with "Privacy Appeal" in the subject line. If your appeal is denied, you may contact the New Jersey Division of Consumer Affairs to submit a complaint.

9. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided us personal information, please contact privacy@point2air.com and we will delete the information promptly.

10. International Users

The Service is operated from the United States. If you access the Service from outside the U.S., you understand that your information will be transferred to, stored, and processed in the U.S., where data-protection laws may differ from those in your jurisdiction.

11. Changes to this Policy

We may update this Policy from time to time. If we make material changes we will provide reasonable advance notice (for example, by email or a prominent notice on the Service). The "Last updated" date at the top of this Policy reflects the most recent revision.

12. Contact

Questions, requests, or complaints concerning this Policy should be directed to privacy@point2air.com.