TripDesk Flights

Privacy Policy

How TripDesk Flights protects your data

Last updated: 2026-01-20

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (revDSG).

1. Data Controller

The controller responsible for your personal data is Monswyk AG.

2. Data We Collect

We collect the following types of personal data:

  • Account Information: Name, email address, password (encrypted), profile photo
  • Flight Data: Personal flight records, trip information, travel statistics
  • Usage Data: How you interact with our service, preferences, settings
  • Communication Data: Support tickets, feedback, and correspondence

We do not collect sensitive personal data such as health information, biometric data, or political opinions.

3. Purpose and Legal Basis

We process your personal data for the following purposes:

  • Service Provision: To provide flight tracking, analytics, and trip management features
  • Account Management: To create, maintain, and secure your user account
  • Customer Support: To respond to your inquiries and provide assistance
  • Service Improvement: To analyze usage patterns and enhance our features
  • Legal Compliance: To comply with applicable laws and regulations

Legal Basis: Our processing is based on:

  • Contract Performance (Art. 6(1)(b) GDPR): To provide the services you requested
  • Legitimate Interest (Art. 6(1)(f) GDPR): To improve our services and ensure security
  • Consent (Art. 6(1)(a) GDPR): For optional features like analytics and marketing

4. Data Storage and Location

Primary Data Storage: Switzerland (compliant with Swiss Federal Act on Data Protection)

Application Servers: European Union (compliant with GDPR)

Third-Party Services:

  • Google Analytics: Website analytics (USA, with Standard Contractual Clauses)
  • Flight Data APIs: External flight information (various locations)

All data transfers outside the EU/Switzerland are protected by appropriate safeguards.

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data only in these limited circumstances:

  • Service Providers: With trusted third parties who help us operate our service (under strict data protection agreements)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In case of merger or acquisition (with notice)
  • Consent: When you explicitly consent to sharing

6. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS) and at rest
  • Access Controls: Strict access controls and authentication
  • Regular Audits: Security assessments and vulnerability testing
  • Staff Training: Privacy and security training for all employees
  • Incident Response: Procedures for handling security incidents

7. Data Retention

We retain your personal data only as long as necessary:

  • Account Data: Until you delete your account or request deletion
  • Flight Data: Until you delete your account or specific data
  • Support Data: 3 years after resolution of support requests
  • Analytics Data: Always anonymized, no personal data collected

Upon account deletion, we will delete your personal data within 30 days, except where legal obligations require longer retention.

8. Your Rights

Under GDPR and Swiss privacy law, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for optional processing

To exercise these rights, contact us via our contact form. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies:

  • Essential Cookies: Required for basic functionality (cannot be disabled)
  • Analytics Cookies: Help us understand usage patterns (optional, require consent)
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings or our cookie consent banner.

10. Third-Party Services

Our service integrates with third-party providers:

  • Google Analytics: Website analytics (see Google's privacy policy)
  • Flight APIs: External flight data providers

These services have their own privacy policies. We recommend reviewing them.

11. International Transfers

Some of our service providers are located outside the EU/Switzerland:

  • USA: Google Analytics (protected by Standard Contractual Clauses)
  • Other Countries: Flight data APIs (protected by appropriate safeguards)

All international transfers are protected by appropriate legal mechanisms.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.

13. Data Breaches

In the unlikely event of a data breach, we will:

  • Notify relevant authorities within 72 hours
  • Inform affected users without undue delay
  • Take immediate steps to contain and remediate the breach
  • Conduct a thorough investigation and implement preventive measures

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or service notification
  • Update the "Last updated" date at the top of this policy
  • Provide a summary of changes for significant updates

Continued use of our service after changes constitutes acceptance of the updated policy.

15. Contact Information

For privacy-related questions or to exercise your rights, contact us:

We will respond to all privacy inquiries within 30 days.