← Back

Privacy Policy

1. Controller

FlyAndLure OÜ, Tallinn, Estonia. Email: datenschutz@flyandlure.eu

2. Data Collected

We collect and process the following data:

  • Name and email address for inquiries and bookings
  • Payment data through our payment provider Stripe
  • Usage data via Plausible Analytics (cookieless, GDPR compliant)

3. Purpose of Processing

Data is used exclusively for the mediation and booking of guiding services.

4. Legal Basis

Processing is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

5. Services and Data Processors

5.1 Hosting and CDN — Cloudflare

Our website is hosted and delivered via Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Access data (IP address, timestamp, pages visited) is processed. Cloudflare is certified under the EU-US Data Privacy Framework. Images are delivered via Cloudflare Images (imagedelivery.net).

5.2 Database and Authentication — Supabase

We use Supabase, Inc. (970 Toa Payoh North, Singapore) for data storage and authentication. An essential auth cookie is set upon login (no tracking cookies). Legal basis: Art. 6(1)(b) GDPR.

5.3 Payment Processing — Stripe

Payments are processed via Stripe, Inc. (510 Townsend St, San Francisco, CA 94103, USA). Stripe receives the data required for payment processing (name, email, payment information). Privacy policy: https://stripe.com/privacy

5.4 Web Analytics — Plausible Analytics

We use Plausible Analytics (Plausible Insights OÜ, Tallinn, Estonia) for website usage analysis. Plausible operates entirely without cookies, stores no personal data, and is GDPR compliant. No data is shared with third parties.

5.5 Map Display — CARTO / OpenStreetMap

For interactive map display, we load map tiles from CARTO (basemaps.cartocdn.com). Your IP address is transmitted to CARTO in this process. Map data is provided by OpenStreetMap contributors. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in displaying trip locations).

5.6 Email Delivery — Resend

For sending transactional emails (booking confirmations, reminders), we use Resend, Inc. (San Francisco, USA). Resend receives the email address and message content.

5.7 Error Monitoring — Sentry

For detecting and resolving technical errors, we use Sentry (Functional Software, Inc., San Francisco, USA). Sentry captures technical error data (error messages, browser type, anonymised IP). No personal data is intentionally collected.

5.8 AI Chat Assistant — Anthropic

Our chat assistant uses the API of Anthropic, PBC (San Francisco, USA). Chat messages are transmitted to Anthropic for processing. Anthropic does not store user data beyond processing (Zero Data Retention API). Legal basis: Art. 6(1)(a) GDPR (consent through use of the chat).

6. Cookies

This website uses only technically necessary cookies for authentication (login). No tracking or marketing cookies are used. A cookie banner is therefore not required.

7. Your Rights

You have the right to access, rectification, erasure, restriction of processing, data portability, and objection. Contact: datenschutz@flyandlure.eu

8. Data Export

You can request an export of your data at any time at /datenexport.

9. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

As of: April 2026 — Version 2 (Draft, legal review pending)

Version 2 · Effective from 19 April 2026