Privacy Policy | SkyAid
GDPR & UK GDPR

Privacy Policy

Effective Date: 1 May 2026  •  Version: 1.3
Contact the Controller
What changed in v1.3 (1 May 2026): We added a clearer description of the engagement events we record when you use your case portal (e.g., page visits, upload attempts and outcomes), the lawful bases for that processing, and a specific 90-day retention period for these diagnostic events.

1. Introduction

SkyAid values your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website or services.

2. Controller & Contact

The data controller is Søren P Nielsen, CPA, operating the SkyAid platform (skyaid.eu). For any privacy requests, email [email protected].

3. Data We Collect

  • Identity & contact details (name, email, phone—when you create an account or submit a claim).
  • Flight details & booking references (to assess eligibility and process claims).
  • Uploaded documents (e.g., boarding passes, tickets, receipts).
  • Technical data (IP address, browser, device, security logs).
  • Customer portal activity: when you access your case portal we record limited engagement events — for example, the date and time of your most recent portal visit, when you open the upload form, when you submit documents, when you save a booking reference or bank details, and whether such actions completed successfully or returned an error. This helps us detect technical issues (such as upload failures) and provide better support.
  • Support/chat content you provide via our website widget.
  • Payment/payout details as required to remit compensation.

4. How We Use Your Data

  • To check and process flight compensation eligibility and manage your claim.
  • To extract information from documents (e.g., using Google Cloud Vision API) that you upload.
  • To communicate with you about status, evidence requests, and payouts.
  • To monitor and maintain the reliability of the customer portal — for example, to detect when document uploads fail so we can fix the underlying issue and follow up with affected customers.
  • To follow up with customers who appear to need help completing required steps in their case.
  • To operate, secure, and improve our site and services (including fraud prevention and diagnostics).
  • To comply with legal, accounting, and regulatory obligations.

5. Lawful Bases

We process your data on the following legal bases under GDPR/UK GDPR:

  • Contract: to provide our services and manage your claim. This includes recording portal engagement events necessary to deliver and support the service.
  • Legitimate interests: service quality, security, fraud prevention, technical diagnostics, and defending legal claims.
  • Legal obligation: record-keeping and compliance requirements.
  • Consent: where required (e.g., certain cookies or optional communications). You can withdraw consent at any time.

6. Sharing & Processors

We do not sell your personal data. We share data only with service providers (processors) under data processing agreements, strictly for our purposes:

  • Document processing: Google Cloud Vision API (to extract data from your uploaded files).
  • Security & performance: Cloudflare (DDoS protection, CDN, TLS, web application firewall). Connection data may be logged temporarily for security.
  • Customer support chat: Our website chat provider (e.g., Tawk.to) to handle live messages.
  • Email & productivity: Our email provider to deliver notifications and replies.
  • Payments/payouts: Payment and payout partners (e.g., Wise) to remit compensation to you.
  • Legal partners: When required to advance or defend a claim.

We may disclose data if required by law or to protect rights, safety, and the integrity of our services.

7. International Transfers

Some providers may process data outside your country. Where applicable, we use safeguards such as the EU Standard Contractual Clauses, UK addendum, or equivalent mechanisms.

8. Data Retention

  • Case files & invoices: up to 7 years (legal/accounting).
  • Support/chat logs: up to 24 months.
  • Security & access logs: up to 12 months.
  • Portal engagement events (detailed diagnostic events such as upload attempts and modal interactions): retained for 90 days, then automatically deleted. The aggregate “last seen” timestamp on your case is retained for the lifetime of the case to support follow-up and service delivery.
  • We may retain limited data longer if needed to establish, exercise, or defend legal claims.

9. Your Rights

  • Access, rectification, deletion, and restriction.
  • Objection to processing based on legitimate interests.
  • Data portability (where applicable).
  • Right to withdraw consent (where processing is based on consent).
  • Right to lodge a complaint with your data protection authority.

To exercise your rights, email [email protected]. We will respond within statutory timelines.

10. Cookies

We use essential/functional cookies to operate the site (e.g., session, security, preferences). We do not use advertising cookies. Where non-essential cookies are used, we request consent.

11. Data Security

We use HTTPS/TLS, access controls, encryption at rest where applicable, and other safeguards. Document uploads are processed securely and are not visible to other users.

12. Children’s Data

Our services are not directed to children under 16. If you believe a child has provided data to us, contact [email protected] so we can address it.

13. Changes to this Policy

We may update this Policy from time to time. We will post the latest version here with a new effective date. Material changes (such as new categories of data we collect) will be highlighted in a change-log notice at the top of this page for at least 30 days following the update.

14. Contact

For questions or privacy requests, contact: [email protected]