Privacy policy

Last updated: May 20, 2026

This Privacy Policy explains what FlightSweeper (a product of FinSync LLC, d/b/a Raintree Technology) collects, how we use it, who we share it with, and the rights you have over your data.

1. Information we collect

You give us

• Account data: email address, password hash, name (optional), preferences.
• Passenger data for bookings: name, date of birth, gender, lead contact phone and email. For international itineraries we may also collect passport number, nationality, and expiry as required by the airline or destination country.
• Search inputs: origins, destinations, dates, cabin class, passenger counts.
• Saved routes and watched routes (Pro feature).
• Support correspondence when you email us.

We collect automatically

• Device and log data: IP address, user agent, request timestamps (for security, fraud prevention, and rate limiting).
• Usage data: pages viewed, sweeps run, anonymous interaction events.
• Cookies and similar technologies: see our Cookie Policy.

We do not collect

• Payment card numbers — payment data is collected directly by our payment processors (Duffel, Stripe) and never touches our servers.

2. How we use information

• To provide the service: run sweeps, issue tickets, manage subscriptions, send receipts.
• To communicate: transactional emails (booking confirmations, schedule changes, account notices) and, with your consent, marketing emails you can unsubscribe from at any time.
• To improve and secure the product: troubleshooting, fraud prevention, abuse detection, analytics.
• To comply with legal obligations.

3. Legal bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on these legal bases: contract (to provide bookings you request), legitimate interests (security, fraud prevention, product improvement, where not overridden by your rights), consent (marketing emails, non-essential cookies), and legal obligation (tax, anti-fraud, regulatory).

4. How we share information

• Airlines and travel suppliers: passenger details and itinerary data necessary to issue the ticket.
• Payment processors: Duffel (for flight payments) and Stripe (for subscriptions).
• Service providers (sub-processors): Resend (transactional email), Neon (Postgres database), Upstash (ephemeral Redis), Vercel (hosting), and analytics or fraud-detection tools we may add. We require each to use the data only to provide services to us.
• Legal and safety: when required by subpoena, court order, or to protect rights, property, or safety.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.

We do not sell your personal information for money. We do not share personal information for cross-context behavioral advertising.

5. Security

We take reasonable administrative, technical, and physical safeguards to protect personal information. Passenger PII (name, date of birth, gender, document numbers when collected) is encrypted at rest using AES-256-GCM, with the encryption key held separately from the database. Passwords are hashed. Transport is encrypted via TLS. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify affected users and applicable regulators as required by law.

6. Retention

• Account data is retained while your account is active and for a reasonable period after closure for tax, fraud, and dispute purposes.
• Booking records are retained for at least seven years to comply with tax and accounting obligations.
• Shareable sweep result links remain accessible for seven days from creation, after which they expire.
• Log and security data is retained for up to 12 months.
• On a verified deletion request, we erase personal data we are not legally required to retain.

7. International transfers

FlightSweeper is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US and in any country where our sub-processors operate. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, email hello@flightsweeper.com. We will respond within the timeframe required by applicable law (generally 30–45 days). We will not discriminate against you for exercising these rights.

California residents (CCPA / CPRA)

Categories of personal information collected in the last 12 months: identifiers (email, IP), customer records (name, DOB, contact details for bookings), commercial information (purchase history), internet activity (usage), and inferences from the above. We disclose data to the service providers listed in Section 4 for business purposes. We do not sell personal information and do not share it for cross-context behavioral advertising. You may request access, deletion, correction, and limit use of sensitive personal information. You may designate an authorized agent. You may also submit a request via Do Not Sell or Share My Personal Information (also reachable by emailing us).

EEA, UK, and Swiss residents (GDPR / UK GDPR)

In addition to the rights above, you may lodge a complaint with your local supervisory authority. Our legal bases are described in Section 3.

9. Children

FlightSweeperis not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children for account creation. When a parent or guardian books travel for a minor passenger, they provide information on the minor's behalf for the purpose of issuing the ticket.

10. Cookies

See our Cookie Policy for details on the cookies and similar technologies we use, and how to manage them.

11. Changes

We may update this policy from time to time. Material changes will be communicated by email or in-product notice. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact

FinSync LLC (d/b/a Raintree Technology)
FinSync LLC, California, USA
Email: hello@flightsweeper.com