Privacy Policy
Last updated: 27 April 2026
We collect what we need to send you fares. Nothing more. We do not sell your data. We do not share it with anyone who does not need it to run this service. This page tells you exactly what, why, and what you can do about it.
Who we are
Luxury Flight Club is operated by Skip van Schaik, registered in Amsterdam, the Netherlands. KvK 42020749. We are the data controller for everything we collect about you on this site and in our emails.
You can reach us at skip@luxuryflightclub.com.
What we collect
When you join the free list:
- Your email address.
- The countries you fly from and want to fly to (from the quiz).
- Your IP address (for fraud prevention and rough region detection).
When you become a Gold member:
- Everything above.
- Your payment details, handled by Stripe. We never see your card number.
- Your billing country.
When you use our website:
- Pages you visit and time spent (via PostHog).
- Browser type, device, and screen size (standard web logs).
- Whether you opened our emails (via Kit, our email tool).
When you contact us:
- The contents of your email.
- Your name if you give it.
We do not collect anything you have not given us, and we do not buy data from third parties.
Why we collect it
- To send you fare alerts that match where you fly.
- To bill you for membership.
- To improve which deals we send (by seeing which fares get clicked).
- To answer your questions when you write to us.
- To keep our service secure (rate limiting, fraud detection).
That is all.
Who we share it with
We use a small set of third-party tools. Each one only sees what it needs.
- Stripe handles payments. They see your name, email, country, and card details. We never see card details ourselves.
- Kit (formerly ConvertKit) sends our emails. They see your email and your fare preferences.
- Supabase stores our database. They see everything we store, on EU servers.
- Vercel hosts our website. They see standard web traffic logs.
- PostHog measures how the site performs. They see anonymised usage events on EU servers.
Each of these has its own privacy policy. We have signed Data Processing Agreements with all of them where required by law.
We do not share your data with advertisers. We do not sell mailing lists. We do not run third-party trackers on this site beyond PostHog and Stripe.
Cookies
We use a few cookies to keep the site working and to measure usage.
- Essential cookies: session, login, currency preference. These are needed for the site to function. We do not ask consent for these because the law does not require it for essentials.
- Analytics cookies: PostHog measures page views and conversion funnels. We ask consent before setting these. You can opt out anytime.
- Stripe cookies: set by Stripe during checkout for fraud prevention.
You can change your cookie preferences at the bottom of any page.
How long we keep your data
- Account email and preferences: as long as your account exists, plus 12 months after cancellation in case you come back.
- Payment records: seven years, because Dutch tax law requires it.
- Email engagement data: 24 months.
- Web analytics: 12 months, then anonymised.
- Support emails: 24 months after the last reply.
You can ask us to delete your data sooner. See your rights below.
Your rights
Under the GDPR you can:
- See what we hold on you. Email us and we will send you a copy within 30 days.
- Correct anything wrong. Email us with the change.
- Have your data deleted. Email us and we will erase everything within 30 days, except records we are legally required to keep (like payment receipts).
- Take your data with you. We will export it in a machine-readable format.
- Object to certain uses. For example, you can object to analytics tracking.
- Withdraw consent at any time. Cancel emails by clicking unsubscribe; cancel cookies in the cookie settings.
- Complain to a regulator. In the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). In other EU countries, your local data protection authority.
You do not need to give a reason for any of these requests. We will not charge you and we will not call you back to ask why.
International transfers
Stripe is a US company. When you pay, your card details cross the Atlantic. Stripe is certified under the EU-US Data Privacy Framework, which gives you the same legal protections as you have in the EU.
Our other vendors (Kit, Supabase, Vercel, PostHog) keep your data on EU servers wherever possible.
Children
Our service is for adults who pay for flights. We do not knowingly collect data from anyone under sixteen. If you believe a minor has given us their data, email us and we will delete it.
Changes to this policy
We will update this page when our practices change. The date at the top tells you when. If a change is significant we will email you before it takes effect, so you can decide whether to stay.
Contact
Questions about this policy, or about the data we hold on you, go to:
We answer within five working days. We do not have a dedicated Data Protection Officer because our scale does not legally require one.
This policy is written in plain English on purpose. If anything is unclear, ask us. We would rather rewrite a sentence than have you guessing what it means.
