Privacy Policy UNDER REVIEW

The data controller responsible for your personal data is:

Important: 2paraglide operates as a marketplace platform (similar to Uber or Airbnb). We connect customers with independent paragliding service providers (pilots/operations).

• 2paraglide processes your data for booking, payment, and platform services
• Pilots process your data for providing the flight service
• Both 2paraglide and pilots are separate data controllers for their respective activities
• This Privacy Policy covers only 2paraglide's data processing
• Each pilot has their own privacy obligations (ask them directly for their privacy practices)

When You Create an Account:

• Name: First and last name
• Email address: For account login and communications
• Phone number: For booking confirmations and pilot contact
• Password: Encrypted and stored securely
• Profile photo: Optional, if you choose to upload one

When You Make a Booking:

• Passenger details: Names, ages, weights (required for flight safety)
• Medical information: Health conditions, medications (pilot safety assessment)
• Special requirements: Disabilities, accessibility needs, dietary restrictions
• Emergency contact: Name and phone number of emergency contact person
• Booking preferences: Flight date, time, package, number of passengers

Payment Information:

• Payment details: Credit/debit card information (processed by our payment provider)
• Billing address: Name, address, postal code, country
• Transaction history: Booking amounts, refunds, platform credits

Note: We do NOT store your full credit card numbers. Our payment processor (Stripe/similar) handles all card data securely according to PCI-DSS standards.

Communications:

• Customer support messages: Your inquiries, complaints, feedback
• Reviews: Ratings and reviews you leave for pilots
• Survey responses: If you participate in customer surveys

Technical & Usage Data:

• Device information: Device type, operating system, browser type
• IP address: For security, fraud prevention, and approximate location
• Log data: Pages visited, time spent, clicks, search queries
• Cookies: See our Cookie Policy for details
• Location data: Approximate location from IP (not precise GPS tracking)

Analytics & Performance:

• Google Analytics: Website traffic, user behavior (if you consent)
• Performance metrics: Page load times, errors, crashes
• Conversion tracking: Booking completions, funnel drop-offs

• Social login: If you sign up with Google/Apple, we receive your name, email, and profile photo
• Payment processors: Transaction confirmation, payment status
• Pilots: Feedback about your flight experience (for quality control)
• Fraud prevention services: Risk scores to prevent fraudulent bookings

Paragliding Pilots/Service Providers

What we share: Your name, phone number, email, booking details, passenger information (names, ages, weights), medical information (for safety assessment)

Why: Pilots need this information to contact you, prepare for your flight, and assess safety requirements

Note: Pilots are independent data controllers. They have their own privacy obligations. Ask your pilot directly about their privacy practices.

Payment Processors

Who: Stripe (or similar payment processor)

What we share: Name, email, billing address, payment amount

Why: To process your payment securely

Payment processors are PCI-DSS certified and handle your card data securely. We never see your full card number.

Service Providers & Infrastructure

We use trusted service providers to operate our platform:

• Cloud hosting: AWS, Google Cloud, or similar (data storage and servers)
• Email services: SendGrid, Mailgun, or similar (booking confirmations, notifications)
• Analytics: Google Analytics (website traffic analysis, with your consent)
• Customer support: Zendesk, Intercom, or similar (support ticket management)
• Security: Cloudflare (DDoS protection, security)

All service providers are bound by data processing agreements (DPAs) and must comply with Swiss/EU data protection standards.

Legal Authorities & Law Enforcement

When: Only when legally required or to protect rights

• Court orders, subpoenas, legal requests
• Compliance with Swiss tax and accounting laws
• Investigation of fraud, illegal activity, or safety threats
• Protection of our legal rights in disputes

Business Transfers

If 2paraglide is acquired, merged, or undergoes a business reorganization, your personal data may be transferred to the new entity. We will notify you of any such change and your data will remain protected under this Privacy Policy (or an equivalent).

Safeguards for International Transfers

When we transfer data outside Switzerland, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU-approved contract terms with service providers
• Adequacy decisions: Swiss FDPIC recognizes certain countries as having adequate protection (e.g., EU, UK)
• Data Processing Agreements (DPAs): Legal contracts requiring data protection
• EU-US Data Privacy Framework: For US-based processors (if applicable)

Your rights apply worldwide: Even if your data is processed outside Switzerland, you retain all your rights under Swiss FADP.

How to Exercise Your Rights

To exercise any of your data protection rights:

1. Log into your account → Settings → Privacy & Data (for most requests)
2. OR email us: privacy@2paraglide.com with:
   • Your full name and email address (for verification)
   • Description of your request (e.g., "I request deletion of my account")
   • Any supporting information
3. We will respond within 30 days (or explain why we need more time)

Identity verification: For security, we may ask you to verify your identity before processing certain requests (e.g., data access, deletion).

What are cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences, keep you logged in, and understand how you use our platform.

For Complete Cookie Information

For detailed information about the cookies we use, how they work, and how to manage them, please see our:

Quick Summary:

• Essential cookies: Required for site functionality (login, bookings) — no consent needed
• Analytics cookies: Google Analytics, performance tracking — consent required
• Marketing cookies: Facebook Pixel, ad retargeting — consent required
• You control cookies: Manage preferences in our cookie banner or browser settings

Age Requirement: Our platform is intended for users aged 16 years and older.

We do not knowingly collect personal data from children under 16 without parental consent. If you are under 16:

• You must have a parent/legal guardian create an account on your behalf
• Your parent/guardian must provide consent for your paragliding flight
• We collect the minimum necessary information for safety purposes only

Parents/Guardians: If you believe your child has provided personal data without your consent, please contact us immediately at privacy@2paraglide.com and we will delete it promptly.

How We Notify You of Changes

• Material changes: We will notify you by email and/or prominent notice on our website at least 30 days before changes take effect
• Minor changes: We will update the "Last Updated" date at the top of this policy
• Your continued use: By continuing to use 2paraglide after changes take effect, you accept the updated Privacy Policy

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

Step 1: Contact Us First

Please contact our Data Protection Officer first:

Step 2: Swiss Supervisory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC):