Privacy Policy

• Account information: name, email, phone, billing address.
• Travel preferences: origin/destination, dates, party size, special requests.
• Payment information: processed by Stripe; we never store full card numbers.
• Operator/partner data: business contact info, certificate numbers, base airports.
• Usage data: log files, device and browser info, pages viewed, email opens (transactional only).

• To source flights and experiences, and to coordinate them with operators on your behalf.
• To send transactional notifications (booking confirmations, empty-leg alerts you’ve opted into).
• To bill membership dues and reconcile partner payments.
• To improve the service, prevent fraud, and comply with legal obligations.

To fulfill a flight or experience, we share necessary booking details (name, contact, party size, manifest data required by the operator) with the operating carrier or partner. Operators are independent businesses and process your data under their own privacy policies once you contract with them.

We use vetted vendors to run the service: Stripe (payments), Resend (transactional email), Supabase (database & authentication), Cloudflare (hosting), and analytics/error tools. Each is bound by data-processing terms and has access only to the data necessary for their role.

Transactional emails (account, booking, empty-leg alerts you subscribed to) are part of the service. You may opt out of marketing emails at any time via the unsubscribe link or by emailing us.

We retain account and booking records for as long as your membership is active and for up to 7 years after, to satisfy tax, accounting, and regulatory requirements. Marketing preferences are honored indefinitely.

You may request access to, correction of, or deletion of your personal information by emailing privacy@northstarairconcierge.com. California, Florida, and EU/UK residents have additional rights under applicable law, including the right to opt out of the “sale” or “sharing” of personal information (we do not sell personal information).

We use encryption in transit (TLS) and at rest, role-based access controls, and least-privilege server credentials. No system is perfectly secure; promptly report suspected vulnerabilities to security@northstarairconcierge.com.

The service is not directed to children under 16. We do not knowingly collect data from children.

When you submit a trip request, we share your name, email, phone, route, dates, party size, and notes with vetted operators whose base airport matches your origin or destination so they can quote. We do not share your information with operators who are not actively quoting. If you accept a quote, the operator receives your contact details to confirm the booking and bill you directly. Operators handle that contact data under their own privacy policies once the booking contract is formed with them.

We use a small number of strictly-necessary cookies (session, authentication, CSRF) and aggregated, privacy-respecting analytics to understand how the site is used. We do not use third-party advertising cookies or cross-site tracking. You can disable non-essential cookies in your browser settings without affecting core functionality.

Eligible residents have the right to know, access, correct, delete, and port their personal information, and to opt out of any "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising). EU/UK residents may also object to processing and lodge a complaint with their supervisory authority. To exercise these rights, email privacy@northstarairconcierge.com. We respond within the timeframes required by applicable law.

Every marketing email includes a one-click unsubscribe link. We honor opt-outs immediately and maintain a suppression list so unsubscribed addresses never receive marketing again. Transactional messages required to deliver the service (booking confirmations, quote notifications, password resets) are not subject to unsubscribe.

Northstar is operated from the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the U.S. We rely on standard contractual clauses with our service providers where required.

We’ll post updates here and email members for material changes.

privacy@northstarairconcierge.com