Privacy Policy

Last updated: March 1, 2026

Flicket ("we", "us", or "our") operates the website www.flicket.me and provides flight reservation services for visa applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our service. By using Flicket, you consent to the data practices described in this policy.

1. Information We Collect

We collect only the information necessary to create and deliver your flight reservation. This includes:

Personal Identification Data

  • Full name (as it appears on your passport or travel document)
  • Date of birth
  • Nationality
  • Passport number and expiration date
  • Gender
  • Email address

Flight Preferences

  • Departure and destination airports
  • Preferred travel dates
  • Number of passengers
  • Cabin class preference

Payment Information

  • Payment method details (processed securely by Stripe or NowPayments)
  • Billing address
  • Transaction records

We do not store your full credit card number, CVV, or cryptocurrency wallet keys. All payment data is handled directly by our payment processors.

2. How We Use Your Information

Your personal data is used exclusively for the following purposes:

  • Creating flight reservations — Submitting your passenger details to the airline Global Distribution System (GDS) to generate a valid PNR code.
  • Generating your itinerary document — Producing a PDF reservation confirmation with your booking details.
  • Processing payments — Completing your purchase through Stripe (card) or NowPayments (cryptocurrency).
  • Sending booking confirmations — Delivering your reservation details and itinerary PDF via email through Resend.
  • Customer support — Addressing inquiries, resolving issues, and processing refund requests.
  • Service improvement — Analyzing aggregated, anonymized usage data to improve the booking experience.

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

3. Third-Party Service Providers

We share your data only with trusted third-party providers essential to delivering our service:

GDS Partners

Receives passenger name, date of birth, gender, nationality, and passport details to create the airline reservation and generate a PNR code. Our GDS partners connect directly to airline systems.

Stripe (Payment Processor)

Processes credit and debit card payments. Stripe is PCI DSS Level 1 certified. We do not have access to your full card details.

NowPayments (Cryptocurrency Processor)

Processes cryptocurrency payments for users who prefer this option. Transaction details are handled by NowPayments.

Supabase (Database & Authentication)

Stores your account information and booking records in a PostgreSQL database. Supabase provides authentication services and data is encrypted at rest and in transit.

Resend (Email Service)

Delivers transactional emails including booking confirmations, itinerary PDFs, and support communications. Resend receives your email address and name for delivery purposes.

Each provider processes data only as necessary to perform their specific function and is bound by their own privacy policies and data protection obligations.

4. Data Retention and Deletion

  • Booking data — Retained for 12 months after the reservation date to handle support requests and refund claims, then automatically deleted.
  • Passport details — Deleted within 30 days after your reservation is created and delivered. We do not retain passport information longer than necessary.
  • Payment records — Transaction references (not full card details) are retained for 24 months for accounting and tax compliance purposes.
  • Account data — Retained as long as your account is active. You may request deletion at any time.
  • Email communications — Transactional email logs are retained for 6 months.

You may request immediate deletion of your personal data at any time by contacting us at support@flicket.me. We will process your request within 30 days.

5. Cookies

Flicket uses minimal, functional cookies only. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

Cookies We Use

  • Session cookie — Maintains your authenticated session while using the service. Expires when you close your browser or after 7 days.
  • Authentication token — Securely identifies your account for authenticated requests. Managed by Supabase Auth.
  • CSRF token — Protects against cross-site request forgery attacks on form submissions.

No cookie consent banner is required because we only use strictly necessary cookies. You can disable cookies in your browser settings, but this may prevent you from using our service.

6. Data Security

We implement industry-standard security measures to protect your personal data:

  • All data is transmitted over HTTPS (TLS 1.2+)
  • Database encryption at rest via Supabase
  • PCI DSS compliant payment processing via Stripe
  • Row-level security policies on all database tables
  • Regular security audits of our infrastructure
  • Minimal data collection principle — we collect only what is required

7. Your Rights (GDPR and Applicable Law)

If you are located in the European Economic Area (EEA), United Kingdom, or any jurisdiction with equivalent data protection laws, you have the following rights:

  • Right of Access — Request a copy of the personal data we hold about you.
  • Right to Rectification — Request correction of inaccurate or incomplete data.
  • Right to Erasure — Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing — Request that we limit how we use your data.
  • Right to Data Portability — Request your data in a structured, machine-readable format.
  • Right to Object — Object to our processing of your data for specific purposes.
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at support@flicket.me. We will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

8. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance — Processing is necessary to fulfill our service agreement with you (creating and delivering your flight reservation).
  • Legitimate interest — Processing for fraud prevention, service improvement, and customer support.
  • Legal obligation — Retaining transaction records for tax and accounting compliance.

9. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States, where our service providers operate. We ensure that any international transfers comply with applicable data protection laws through standard contractual clauses or other appropriate safeguards.

10. Children's Privacy

Flicket is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of Flicket after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, contact us at:

We aim to respond to all privacy inquiries within 30 days.