Privacy Policy

Our Commitment To You

At FlyMeOut.io, your privacy is a top priority. Your privacy is at the core of the way we design and build the services and products you know and love, so that you can fully trust them and focus on building meaningful connections.

We appreciate that you put your trust in us when you provide us with your information and we do not take this lightly.

Our commitment to privacy. We design all of our products and services with your privacy in mind. We involve experts from various fields, including legal, security, engineering, product design and others to make sure that our decisions are taken with the utmost respect for your privacy.

Our commitment to transparency. Because we use many of the same online services you do, we know that insufficient information and overly complicated language are common issues in privacy policies. We take the exact opposite approach: we're doing our best to write our Privacy Policy and related documents in plain language. We actually want you to read our policies and understand our privacy practices!

Our commitment to security. We have teams dedicated to keeping your data safe and secure. We constantly update our security practices and invest in our security efforts to enhance the safety of your information.

Privacy Policy

Welcome to our Privacy Policy. Thank you for taking the time to read it.

If you are a California resident, please see our California Privacy Statement in Section 11, which supplements this Privacy Policy.

We appreciate that you trust us with your information and we intend to always keep that trust. This starts with making sure you understand the information we collect, why we collect it, how it is used and your choices regarding your information. This Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum.

This Privacy Policy applies from March 31, 2026 and supersedes all prior versions.

Table of Contents

1. Where This Privacy Policy Applies
2. Information We Collect
3. How We Use Information
4. How We Share Information
5. Cross-Border Data Transfers
6. Your Rights and Choices
7. How Long We Retain Your Information
8. Children's Privacy
9. Data Security and Breach Notification
10. Privacy Policy Changes
11. California Privacy Statement (CCPA/CPRA)

1. Where This Privacy Policy Applies

This Privacy Policy applies to websites, apps, events and other services we operate under the FlyMeOut.io brand, including our mobile applications for iOS and Android and our website at flymeout.io. For simplicity, we refer to all of these as our "services" in this Privacy Policy. Some services may require their own unique privacy policy. If a service has its own privacy policy, then that policy — not this Privacy Policy — applies.

This Privacy Policy applies to members located anywhere in the world, including in the United States, the European Economic Area ("EEA"), and the United Kingdom ("UK"). Where different legal requirements apply based on your location, we have noted those requirements within this Privacy Policy.

2. Information We Collect

We cannot help you develop meaningful connections and curated experiences without some information about you, such as basic profile details, the types of experiences you'd like to participate in, and information that allows us to verify your identity and eligibility for the Service. We also collect information about your use of our services such as access logs, as well as information from third parties, like when you access our services through your social media account. We go into more detail below.

2.1 Information You Give Us

You choose to give us certain information when using our services. This includes:

Account creation. When you create an account, you provide us with at least your phone number and email address, as well as basic details necessary for the service to work, such as your gender and date of birth. During onboarding we also collect travel-related information including your travel style, frequency, preferences, and referral source, which we use to curate your experience on the platform.

Gender information. We collect your gender as part of your profile. When creating or applying to experiences within the Service, members may specify gender preferences for that particular experience. These preferences are event-specific, may differ across experiences, and are used solely to facilitate the experience as configured by the member creating it. You consent to our use of this information by providing it and may update your profile gender at any time within your account settings.

Profile completion. You have the option to share additional information with us, such as details on your bio, your interests, travel preferences, and content such as photos and videos. To add certain content, like pictures or videos, you may allow us to access your camera or photo album.

Identity verification. As a condition of accessing certain features of the Service, you are required to submit a valid, government-issued identification document (such as a passport or driver's license) for the purpose of verifying your age and identity. Submitted identification documents are reviewed by authorized FlyMeOut.io personnel and stored securely using encrypted cloud storage. Identification documents are retained for the duration of your active membership and for a period of up to 12 months following account closure, or up to 3 years following an account ban, to support the integrity and safety of our platform, assist in investigations of misrepresentation or fraud, and comply with applicable legal obligations. Upon expiration of the applicable retention period, identification documents are permanently deleted. FlyMeOut.io retains a record of verification status and date separately for audit and compliance purposes. Identity verification documents are stored in Amazon S3 with encryption at rest enabled. Access to stored identification documents is strictly limited to authorized FlyMeOut.io personnel. Identification documents are delivered through ImageKit, a third-party image delivery service operating as a data processor on behalf of FlyMeOut.io solely for the purpose of facilitating the internal review workflow. FlyMeOut.io intends to transition to a dedicated third-party identity verification provider in the future, at which point this section will be updated accordingly.

Purchases and payments. When you subscribe to a paid service or make a purchase directly from us (rather than through a platform such as iOS or Android), you provide us or our payment processors with information such as your debit or credit card number or other financial information. FlyMeOut.io uses Stripe as its payment processor for direct payments. If you subscribe through the Apple App Store or Google Play Store, your payment information is handled directly by those platforms and is not received by FlyMeOut.io.

Booking services. When you initiate a booking through the Service for experiences such as villa rentals, yacht charters, or restaurant reservations, we share information necessary to facilitate that booking — including your name and contact details — with the applicable third-party Booking Provider. Payments for bookings are made directly to the Booking Provider and are not processed by FlyMeOut.io. Please refer to Section 4 (How We Share Information) and the Booking Services and Third-Party Transactions section of our Terms of Use for further details.

Surveys and research. When you participate in surveys, focus groups or market studies, you give us your insights into our products and services, responses to our questions and testimonials.

Promotions and contests. When you choose to participate in our promotions, events or contests, we collect the information that you use to register or enter.

Customer care. If you contact our customer care team, we collect the information you give us during the interaction. Interactions with our customer care team may be recorded or reviewed for quality assurance purposes.

Third-party information shared about others. If you share with us information about other people (for example, if you use contact details of a friend for a given feature), we process this information on your behalf in order to complete your request.

We also process your chats with other members as well as the content you publish to operate and secure the services, and to keep our community safe.

2.2 Information We Receive from Others

In addition to the information you may provide us directly, we receive information about you from others, including:

Members. Members may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.

Social media. You may decide to share information with us through your social media account, for instance if you decide to create and log into your account via your social media or other account (e.g., Facebook, Google or Apple) or to upload onto our services information such as photos from one of your social media accounts.

Booking Providers. When you make a booking through the Service, the applicable Booking Provider may share information with us related to the status or outcome of that booking for the purpose of confirming your booking and resolving any related disputes.

Advertising and analytics partners. We may receive information about you from our advertising and analytics partners, including information about your interactions with our advertising campaigns on third-party platforms, in order to measure campaign effectiveness and improve our marketing efforts. Where legally permitted, we may also receive information about suspected bad actors from third parties as part of our efforts to ensure member safety and security.

2.3 Information Generated or Automatically Collected

When you use our services, technical data is generated about which features you've used, how you've used them and the devices you use to access our services.

Usage information. Using the services generates data about your activity on our services, for instance how you use them (e.g., when you logged in, features you've been using, actions taken, information shown to you, referring webpage address and ads that you interacted with) and your interactions with other members.

Device information. We collect information from and about the device(s) you use to access our services, including hardware and software information such as IP address, device ID and type, app settings and characteristics, app crashes, advertising IDs (which are randomly generated numbers that you can reset by going into your device settings and, in some cases, disable entirely), and identifiers associated with cookies or other technologies that may uniquely identify a device or browser.

Analytics data. We use Firebase (Google) for mobile app analytics, Datadog for infrastructure monitoring and performance tracking, Branch.io for attribution and deep linking, and Metabase for internal business intelligence and reporting. These tools collect and process data about how the Service is used. Each of these providers acts as a data processor on our behalf and processes data only as directed by FlyMeOut.io.

Cookies and similar technologies. We use and may allow others to use cookies and similar technologies (e.g., web beacons, pixels, SDKs) to recognize you and/or your device(s). Please read our Cookie Policy for more information on why we use them and how you can better control their use.

Do Not Track and Global Privacy Control. Some web browsers offer a "Do Not Track" ("DNT") feature. Because there is no uniform industry standard for responding to DNT signals, we do not currently alter our data collection practices in response to DNT signals. However, we do honor Global Privacy Control ("GPC") opt-out signals where required by applicable law, including in California and Oregon. If your browser transmits a GPC signal when you visit our website, we will treat it as a request to opt out of the sale or sharing of your personal information as defined under applicable law.

2.4 Information Collected with Your Consent

Precise geolocation data. If you give us your consent, we can collect your precise geolocation (latitude and longitude) from your device. The collection of your geolocation may occur in the background even when you aren't using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your precise geolocation, we will not collect it, and our services that rely on precise geolocation may not be available to you.

Other information. We may collect other information with your permission, such as photos and videos (for instance, if you want to publish a photo or video or participate in streaming features on our services).

2.5 Interest-Based Advertising

Advertising companies may participate in self-regulatory programs which allow you to opt out of any interest-based ads involving them. For more information, you can visit the following sites: Digital Advertising Alliance; Interactive Digital Advertising Alliance; AppChoices (apps only). Opting out does not mean that you will not see Alliance; AppChoices (apps only). Opting out does not mean that you will not see advertising — it means you won't see personalized advertising from the companies that participate in the opt-out programs. Also, if you delete cookies on your device after you opted out, you will need to opt-out again.

3. How We Use Information

The main reason we use your information is to deliver and improve our services. Additionally, we use your information to help keep you and our community safe and to provide you with relevant communications and marketing. Read on for a more detailed explanation of the purposes for which we use your information.

3.A To Administer Your Account and Provide Our Services

We use your information to create and manage your account, verify your identity and age eligibility, provide you with customer support and respond to your requests, communicate with you about our services, personalize pricing, offer discounts and other promotions, complete your transactions, facilitate bookings with Booking Providers, and administer sweepstakes and contests.

3.B To Help You Connect with Other Members

We use your information to surface relevant members and experiences to you based on your profile and preferences, show member profiles to one another, and enable members to search for and connect with other members. FlyMeOut.io does not use automated matching algorithms. Member recommendations and application approvals are determined through manual human review by our internal team.

3.C To Provide New FlyMeOut.io Services

We use your information to register you and display your profile on new FlyMeOut.io features and apps, and to administer your account on these new features and apps.

3.D To Provide Offers and Operate Advertising and Marketing Campaigns

We use your information to perform and measure the effectiveness of advertising campaigns on our services and in marketing our services on third-party platforms including Meta (Facebook and Instagram). We use Klaviyo to send marketing and transactional emails, and Twilio to send SMS communications. We communicate with you about products or services that we believe may interest you. You may opt out of marketing communications at any time as described in Section 6.

3.E To Improve Our Services and Develop New Ones

We use your information to administer focus groups, market studies and surveys, review interactions with customer care teams to improve our quality of service, understand how members typically use the services to improve them, and develop new features and services based on member feedback and requests.

3.F To Prevent, Detect and Fight Fraud and Other Illegal or Unauthorized Activities

We use your information to find and address ongoing, suspected or alleged violations of our Terms of Use (notably through the review of reports and interactions between members), better understand and design countermeasures against violations, retain data related to violations to address them and prevent recurrences, enforce or exercise our rights as set out in our Terms of Use, and communicate to individuals who submit a report about what we've done as a result of their submission.

3.G To Ensure Legal Compliance

We use your information to comply with applicable legal requirements, respond to valid law enforcement requests, report child sexual abuse material to the National Center for Missing and Exploited Children as required by applicable law, and to assist regulatory authorities where required. For information on how we process personal information, please contact us.

Legal Bases for Processing

Provide our service to you. The reason we process your information for purposes A, B and C above is to perform the contract that you have with us. For instance, as you go about using our service to build meaningful connections, we use your information to maintain your account and your profile, make it viewable to other members, and to otherwise provide our free and paid features to you and other members.

Legitimate interests. We process your information for purposes D, E and F above, based on our legitimate interest. For instance, we analyze members' behavior on our services to continuously improve our offerings, we suggest offers we think might interest you and promote our own services, we process information to help keep our members safe and we process data where necessary to enforce our rights, assist law enforcement and enable us to defend ourselves in the event of a legal action.

Comply with applicable laws and regulations. We process your information for purpose G above where it is necessary for us to comply with applicable laws and regulations. For example, we retain transaction data in line with our accounting, tax and other statutory data retention obligations and to be able to respond to valid access requests from law enforcement. We also keep data evidencing consents members give us and decisions they may have taken to opt-out of a given feature or processing.

Consent. If you choose to provide us with information that may be considered "special" or "sensitive" in certain jurisdictions, such as your gender, you're consenting to our processing of that information in accordance with this Privacy Policy. From time to time, we may ask for your consent to collect specific information such as your precise geolocation. In any case, you may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Policy.

4. How We Share Information

Since our goal is to help you make meaningful connections and access curated experiences, the primary sharing of member information is with other members and with Booking Providers when you initiate a booking. We also share member information with service providers and partners who assist us in operating the services and, in some cases, with legal authorities. We do not sell your personal information to third parties.

With Other Members

You share information with other members when you voluntarily disclose information on the service (including your public profile). Please be careful with your information and make sure that the content you share is something you're comfortable being visible to other members.

If you choose to limit the audience for all or part of your profile or for certain content or information about you, then it will be visible according to your settings.

If someone submits a report involving you (such as a claim you violated our Terms of Use), we may communicate to the reporter actions, if any, we took as a result of their report.

With Booking Providers

When you initiate a booking through the Service, we share your name and contact information with the applicable Booking Provider solely for the purpose of facilitating that booking. Each Booking Provider processes your information in accordance with their own privacy policy and terms of service, which you should review before completing a booking. FlyMeOut.io does not control how Booking Providers use your information beyond the facilitation of your booking.

With Our Service Providers

We use vendors and service providers to help us operate, distribute, market and improve our services. These include:

Email communications: Klaviyo, which we use to send transactional and marketing emails to members.

SMS communications: Twilio, which we use to send SMS notifications and communications to members.

Advertising: Meta (Facebook and Instagram), through which we run advertising campaigns. We use the Meta Pixel on our public-facing website (flymeout.io) to measure campaign effectiveness. The Meta Pixel does not operate within the authenticated app environment and does not receive data about logged-in member activity.

Mobile analytics: Firebase (Google), which we use for mobile app analytics and performance monitoring.

Infrastructure monitoring: Datadog, which we use for server performance monitoring and alerting.

Attribution and deep linking: Branch.io, which we use for marketing attribution and deep link routing.

Business intelligence: Metabase, which we use for internal reporting and data analysis.

Payment processing: Stripe, which we use to process direct payments for subscriptions and in-app purchases made outside of the Apple App Store or Google Play Store.

Identity document delivery: ImageKit, which we use as an image delivery service for the internal identity verification review workflow. ImageKit processes identification document images solely as directed by FlyMeOut.io and does not use this data for any independent purpose.

All service providers and vendors are subject to strict confidentiality obligations and may only process your personal information as directed by FlyMeOut.io and for the may only process your personal information as directed by FlyMeOut.io and for the specific purposes for which they have been engaged. Where required by applicable law, including the GDPR, we have entered into or are in the process of entering into Data Processing Agreements with each of these providers.

For Corporate Transactions

We may transfer your information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control. In such circumstances, we will notify affected members as required by applicable law.

With Law Enforcement / When Required by Law

We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government or law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person. Where FlyMeOut.io obtains actual knowledge of child sexual abuse material on or transmitted through the Service, FlyMeOut.io will report such material to the National Center for Missing and Exploited Children via the CyberTipline at www.missingkids.org as required by 18 U.S.C. § 2258A.

To Enforce Legal Rights

We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and the legal rights of our members, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

With Your Consent or at Your Request

We may ask for your consent to share your information with third parties. In any such case, we will make it clear why we want to share the information.

Aggregated and De-Identified Information

We may use and share non-personal information (meaning information that, by itself, does not identify who you are, such as device information, general demographics, general behavioral data, or location in de-identified form), as well as personal information in hashed, non-human readable form, for advertising, analytics, and business development purposes. We may combine this information with additional non-personal information or personal information in hashed, non-human readable form collected from other sources. More information on our use of cookies and similar technologies can be found in our Cookie Policy.

5. Cross-Border Data Transfers

FlyMeOut.io is based in the United States. If you are located outside the United States, including in the European Economic Area ("EEA") or the United Kingdom ("UK"), your personal information will be transferred to and processed in the United States, which may have data protection laws that differ from those in your country. When we transfer personal information outside of the EEA, the UK, Switzerland or other countries whose data protection laws have been deemed adequate by the European Commission or other competent governmental body, we use Standard Contractual Clauses approved by the European Commission or other appropriate transfer mechanisms to ensure that your personal information receives an adequate level of protection. By using our services, you understand that your information will be transferred to our facilities and to those third parties with whom we share it as described in this Privacy Policy.

EU/UK Representative. EU/EEA, UK and DSA Representative. Pursuant to Article 27 of the General Data Protection Regulation and the UK GDPR, FlyMeOut Inc. has appointed DataRep as its Data Protection Representative in the European Economic Area, the United Kingdom, and Switzerland. FlyMeOut Inc. has also appointed DataRep as its Legal Representative in the EU/EEA for the purposes of Article 13 of the Digital Services Act. If you are located in the EU/EEA, UK, or Switzerland and wish to raise a question or exercise your privacy rights, you may contact DataRep on behalf of FlyMeOut Inc. as follows: by email at [email protected] (quoting "FlyMeOut Inc." in the subject line); via the online webform at www.datarep.com/data-request; or by post to DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland. Please mark all postal correspondence for the attention of "DataRep" and reference "FlyMeOut Inc." in your correspondence.

6. Your Rights and Choices

We want you to be in control of your information. Below is a summary of the options and tools available to you, as well as the privacy rights you may have depending on where you live.

Tools Available to All Members

Access / Update tools in the service. Tools and account settings can help you access, rectify or remove information that you provided to us and that's associated with your account directly within the service. If you have any questions on those tools and settings, please contact our customer care team for help.

Device permissions. Mobile platforms have permission systems for specific types of device data and notifications, such as phone contacts, pictures, location services, push notifications and advertising identifiers. You can change your settings on your device to either consent or oppose the collection or processing of the corresponding information or the display of the corresponding notifications. Of course, if you do that, certain services may lose functionality.

Marketing opt-out. You may opt out of receiving marketing emails from FlyMeOut.io at any time by clicking the "Unsubscribe" link in any marketing email we send, or by contacting us at [email protected]. You may opt out of marketing SMS messages by replying STOP to any such message. Please note that opting out of marketing communications does not affect transactional or service-related communications, which we may continue to send as necessary to administer your account.

Uninstall. You can stop all information collection by an app by uninstalling it using the standard uninstall process for your device. Remember that uninstalling an app does NOT close your account. To close your account, please use the corresponding functionality on the service.

Account closure. You can close your account by using the corresponding functionality directly on the service. Upon closure, your profile will stop being visible to other members. Please refer to Section 7 for details on how we handle your data following account closure.

Privacy Rights

Depending on where you live, you may have some or all of the following rights with respect to your personal information:

Access / Know. You may have the right to request a copy of the personal information we hold about you, and in certain circumstances to receive this in a portable format. You can exercise this right by contacting us at [email protected].

Delete / Erase. You may request that we delete the personal information we hold about you. You can exercise this right by submitting a request to [email protected]. Note that we may retain certain information as permitted or required by applicable law, as described in Section 7.

Correct / Rectify / Update. You can correct most information you provided to us by editing your profile directly in the service. If you believe the information we hold about you is inaccurate, you may contact us to rectify it.

Object / Restrict. You may have the right to object to or request that we restrict certain processing of your personal information, for instance where we process your information based on our legitimate interests. To do so, please contact us.

Opt out of sale or sharing. FlyMeOut.io does not sell your personal information to third parties. To the extent that any sharing of personal information for advertising purposes constitutes a "sale" or "sharing" under applicable law (including the CCPA), you may opt out by contacting us at [email protected] or by activating the Global Privacy Control signal in your browser.

Opt out of profiling. FlyMeOut.io does not use automated decision-making or profiling algorithms. Member application approvals and experience recommendations are determined through manual human review. To the extent any automated processing occurs, you may have the right to opt out under applicable law by contacting us.

For your protection and the protection of all of our members, we may ask you to provide proof of identity before we can answer the above requests. We may reject requests that are unlawful, invalid, that we are unable to authenticate, or that may infringe on trade secrets, intellectual property, or the privacy or other rights of another person. We may not be able to accommodate certain requests to restrict processing where such restrictions would prevent us from providing our service to you.

If you are a resident of California, Virginia, Colorado, Connecticut, Texas, Oregon, or another state with a comprehensive privacy law, you may have additional rights as described in Section 11 and under applicable state law. If we deny your privacy request, you may be able to appeal our decision by contacting us and explicitly referencing "Privacy Request Appeal."

If you are located in the EEA or the UK, you have the right to lodge a complaint with your local data protection authority if you have concerns about how we process your personal information. You can find information about your data protection regulator in the EEA here, and in the UK here.

7. How Long We Retain Your Information

We keep your personal information only as long as we need it for legitimate business purposes and as permitted or required by applicable law. If you decide to stop using our services, you can close your account and your profile will stop being visible to other members. We will close your account automatically if you are inactive for a period of two years. After your account is closed, we handle your personal information as follows:

Safety retention window. To protect the safety and security of our members, we implement a safety retention window of three months following account closure, or one year following an account ban. During this period, we keep your information in the event that it might be necessary to investigate unlawful or harmful conduct. The retention of information during this safety retention window is based on our legitimate interest as well as that of potential third-party victims.

Legal compliance data. We maintain limited data to comply with legal data retention obligations: in particular, we keep transaction data for 10 years to comply with tax and accounting legal requirements, credit card information for the duration during which a user may challenge the transaction, and traffic data and logs for one year to comply with legal data retention obligations. We also keep records of consents members give us for five years to evidence our compliance with applicable law.

Legitimate interest data. We maintain limited information on the basis of our legitimate interest: we keep customer care records and supporting data for five years to support our customer care decisions, enforce our rights, and enable us to defend ourselves in the event of a claim; information on the existence of past accounts and subscriptions, which we delete three years after the closure of your last account; profile data for one year in anticipation of potential litigation; and data necessary to prevent banned members from opening new accounts, for as long as necessary to ensure the safety and vital interests of our members.

Identity verification documents. As described in Section 2.1, identity verification documents are retained for the duration of active membership plus 12 months following account closure, or 3 years following an account ban, and are then permanently deleted. A record of verification status and date is retained separately for audit and compliance purposes.

Finally, we maintain information on the basis of our legitimate interest where there is an outstanding or potential issue, claim or dispute requiring us to keep information (in particular if we receive a valid legal subpoena or request asking us to preserve data, in which case we would need to keep the data to comply with our legal obligations, or if data would otherwise be necessary as part of legal proceedings).

8. Children's Privacy

Our services are restricted to individuals who are 18 years of age or older. We do not knowingly permit individuals under the age of 18 to create accounts or access the Service. We require all members to verify their age as a condition of accessing certain features As described in Section,

2.1. If you suspect that a member is under the age of 18, please use the reporting mechanism available on the service or contact us at

[email protected]. If we become aware that a member is under the age of 18, we will terminate their account and delete their personal information promptly.

9. Data Security and Breach Notification

FlyMeOut.io takes the security of your personal information seriously. We implement and maintain technical and organizational security measures designed to protect your personal information against unauthorized access, loss, destruction, or alteration. These measures include encrypted storage of sensitive data including identity verification documents, access controls limiting data access to authorized personnel with a legitimate need, secure transmission of data using industry-standard protocols, and regular review of our security practices.

While we take reasonable precautions to safeguard your information, no security system is impenetrable and we cannot guarantee the absolute security of your data. You are also responsible for maintaining the security of your account credentials.

Data breach notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, FlyMeOut.io will notify affected members and applicable regulatory authorities in accordance with the requirements of applicable law. Under the General Data Protection Regulation, this includes notifying the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach. Under applicable US state laws, we will provide notice to affected members within the timeframes required by law. Notification will describe the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.

Reporting a security concern. If you believe your account has been compromised or you have a security concern related to FlyMeOut.io, please contact us immediately at [email protected].

10. Privacy Policy Changes

Because we're always looking for new and innovative ways to help you build meaningful connections and ensure our data practices remain current and transparent, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes. Your continued use of the Service following notice of any material change constitutes your acceptance of the updated Privacy Policy. The most current version of this Privacy Policy will always be available on our website and within the Service.

11. California Privacy Statement (CCPA/CPRA)

This section supplements the Privacy Policy above and applies solely to residents of the State of California. It is provided pursuant to the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"). Terms not otherwise defined in this section have the meanings set forth in the CCPA/CPRA.

Categories of Personal Information We Collect

In the preceding 12 months, FlyMeOut.io has collected the following categories of personal information from California residents:

Identifiers. Name, email address, phone number, IP address, device identifiers, and government-issued identification document numbers (collected for age and identity verification purposes).

Personal information categories listed in the California Customer Records statute. Name, contact information, and payment card information.

Protected classification characteristics. Gender, date of birth, and age.

Commercial information. Records of purchases, subscriptions, and transactions.

Internet or electronic network activity. Browsing and usage data, app activity, and interaction data as described in Section 2.3.

Geolocation data. Approximate location derived from IP address; precise geolocation where you have provided consent.

Inferences. Inferences drawn from your profile and usage to understand your preferences and interests for the purpose of recommending relevant members and experiences. No automated profiling or decision-making algorithms are used.

Sources of Personal Information

We collect personal information directly from you, automatically through your use of the Service, and from third parties as described in Sections 2.1, 2.2, and 2.3 of this Privacy Policy.

Business or Commercial Purposes for Collection

We collect and use personal information for the purposes described in Section 3 of this Privacy Policy, including to provide and improve our services, facilitate bookings, communicate with you, ensure safety and security, and comply with legal obligations.

Categories of Third Parties with Whom We Share Personal Information

As described in Section 4, we share personal information with: (i) other members, as directed by you; (ii) Booking Providers, for the purpose of facilitating bookings; (iii) service providers including Klaviyo, Twilio, Meta, Firebase, Datadog, Branch.io, Metabase, and Stripe; (iv) law enforcement and regulatory authorities as required by applicable law.

Sale or Sharing of Personal Information

FlyMeOut.io does not sell your personal information to third parties for monetary consideration. To the extent that sharing personal information with advertising partners for interest-based advertising purposes constitutes a "sale" or "sharing" under the CCPA/CPRA, California residents have the right to opt out of such sharing as described in Section 6 of this Privacy Policy.

Your California Privacy Rights

California residents have the following rights under the CCPA/CPRA:

Right to Know. You have the right to request that we disclose what personal information we collect, use, disclose, and sell or share about you.

Right to Delete. You have the right to request that we delete personal information we have collected about you, subject to certain exceptions.

Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your personal information. FlyMeOut.io does not sell personal information. To opt out of sharing for advertising purposes, contact us at [email protected] or activate the Global Privacy Control signal in your browser.

Right to Limit Use of Sensitive Personal Information. You have the right to limit our use of sensitive personal information (including government-issued identification and gender) to purposes necessary to provide the Service.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to Submit a Request

To exercise any of the above rights, please contact us at [email protected] or by mail at FlyMeOut Inc., Attn: Privacy, 1110 Brickell Avenue, Suite 400k-249, Miami, Florida 33131. We will respond to verifiable consumer requests within 45 days as required by law. We may extend this period by an additional 45 days where reasonably necessary, with prior notice. We may ask you to verify your identity before processing your request.

Shine the Light Disclosure

California Civil Code Section 1798.83 ("Shine the Light" law) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. FlyMeOut.io does not disclose personal information to third parties for their own direct marketing purposes without your consent.

Authorized Agent

You may designate an authorized agent to submit requests on your behalf. To do so, please provide written authorization signed by you and contact us at [email protected]. We may still require you to directly verify your identity.

Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal information, please contact us:

Email: [email protected]

Mail: FlyMeOut Inc., Attn: Privacy, 1110 Brickell Avenue, Suite 400k-249, Miami, Florida 33131

EU/UK Representative: EU/EEA, UK & Switzerland GDPR and DSA Representative (DataRep): [email protected] — quote "FlyMeOut Inc." in subject line | www.datarep.com/data-request | DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland.