Privacy Policy

About This Policy

This Privacy Policy explains how Villiers Jets Limited ("we", "us", "our") collects, uses, and protects your personal data when you use our website at villiers.ai and our services. Your privacy is important to us, and we are committed to protecting any personal data you provide.

This policy should be read alongside our Terms of Service.

Who We Are

Legal Entity: Villiers Jets Limited
Company Number: 08525860
Registered Address: Hurlingham Studios, London, SW6 3PA, United Kingdom
Contact Email: charter@villiersjets.com
Telephone: +44 (0)20 8163 6578

We operate as a charter broker, arranging private jet travel by connecting customers with third-party aircraft operators. We do not operate aircraft ourselves.

What Personal Data We Collect

"Personal data" means information relating to you as an identifiable individual. We collect the following types of personal data:

When You Enquire About or Book a Flight

• Name and contact details (email address, telephone number)
• Passport details (when required for booking confirmation)
• Payment information (processed securely through Stripe)
• Flight preferences (origin, destination, dates, passenger count)
• Special requests or requirements

When You Visit Our Website

• Browser fingerprint (user agent, screen resolution, timezone, language)
• Session data (session ID, visit duration, page views)
• Device type (desktop, tablet, mobile)
• Referrer URL (how you found our site)
• Interaction data (searches, scroll depth, clicks on tracked elements)

Important: Our analytics system is privacy-first and built in-house. We do not use third-party tracking services like Google Analytics. All analytics data is fully anonymised and stored on our own servers. We do not use cookies for tracking purposes.

When You Supply Other People's Data

If you book a flight for other passengers, you are responsible for ensuring those individuals are aware of and consent to our use of their data as described in this policy.

Authentication Data

We use Nostr-based authentication (a decentralised identity protocol) for account access. We store only your public key and authentication session data. We never store passwords.

How We Use Your Personal Data

We use your personal data only when:

• You have given us your consent
• It is necessary to deliver the services you have requested
• It is necessary to exercise or comply with legal rights or obligations
• It serves normal business purposes as described in this policy

Specific Purposes

• Processing flight enquiries and bookings
• Communicating with you about your flight or enquiry
• Sharing necessary details with aircraft operators to complete your booking
• Processing payments (via Stripe)
• Improving our website and services
• Complying with legal obligations
• Fraud prevention and security

Sharing Your Data with Third Parties

We do not sell or rent your personal data. We share data only in the following circumstances:

Aircraft Operators

When you confirm a booking, we share your name and passport details with the aircraft operator. In some cases (particularly for US operators requiring digital contract signatures), we may share your email address with explicit approval to enable operators to send contracts directly for e-signature.

Service Providers

• Payment Processing: Stripe (for secure payment processing)
• Email Services: AWS SES (for transactional emails such as booking confirmations and one-time passcodes)
• Hosting: Vercel (website hosting and infrastructure)

Legal Requirements

We may disclose your data if required to comply with applicable laws, regulations, legal processes, or government requests.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy. Specifically:

• Enquiry data: Retained for 24 months from date of enquiry for customer service and business analysis purposes
• Booking data: Retained for 7 years to comply with financial record-keeping obligations
• Analytics data: Fully anonymised, retained indefinitely for service improvement
• Authentication data: Retained while your account is active; deleted upon account closure

You may request deletion of your data at any time, subject to our legal obligations (see Your Rights below).

Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal obligations)
• Restriction: Request that we restrict processing of your data
• Portability: Request a copy of your data in a machine-readable format
• Objection: Object to processing of your data for certain purposes
• Withdraw Consent: Withdraw consent for marketing or other optional processing

To exercise any of these rights, please contact us at support@mail.villiers.ai with the subject line "Subject Access Request" and provide your enquiry reference number if applicable.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

• Encryption of data in transit (HTTPS/TLS)
• Secure storage of data on encrypted servers
• Access controls limiting who can view personal data
• Regular security audits and updates
• Nostr-based authentication (no password storage)

While we take all reasonable precautions, no internet-based service can be 100% secure. You are responsible for keeping your authentication credentials safe.

Cookies and Tracking

We do not use cookies for analytics or tracking purposes. The only cookies we use are:

• Authentication cookie: Essential for maintaining your logged-in session
• Session storage: Temporary browser storage for affiliate tracking (if you arrive via an affiliate link) and analytics session ID

Our analytics system uses browser fingerprinting (user agent, screen resolution, timezone) to track aggregate usage patterns without cookies. This data is fully anonymised and cannot be used to identify you personally.

International Transfers

Your data is primarily stored in the UK and EU. Some service providers (such as Stripe and AWS) may process data outside the EEA, but only with appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, you must have parental consent to use our services.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):