Privacy Policy

For processing related to the website and the My Flyingcode mobile app, as well as general enquiries, Flyingcode acts as the controller of the personal data processed through these platforms.

If you have questions about how your data is handled or if you want to exercise your privacy rights, you can contact us at legal@flyingcode.eu.

When you contact us or use our website, we may collect personal data that you provide directly, including your name, email address, phone number, company name, project details, and any other information you choose to share in contact forms, emails, or meetings.

We may also collect limited technical information required to operate and secure the website, such as IP address, browser type, device information, language preferences, server logs, and basic page request data. Where cookies are used, they are described in our Cookie Policy.

When you use the My Flyingcode app, we may additionally collect: your name and email address when you register or sign in (including via Apple Sign In); messages you send through the in-app project chat; your language and notification preferences; your device token for push notifications if you choose to enable them; and information needed to link your account to a client workspace, such as a link code. The app may also request access to your device camera solely for scanning QR codes used in account linking. The app does not collect location data, contacts, or any analytics or advertising identifiers, and does not include any third-party analytics or crash reporting SDKs.

Where applicable under the General Data Protection Regulation (GDPR) and related EEA privacy laws, we process personal data on one or more of the following legal bases: to take steps at your request before entering into a contract, to perform a contract, to comply with legal obligations, to pursue legitimate business interests, and, where required, on the basis of your consent.

Our legitimate interests may include responding to business enquiries, maintaining website security, preventing misuse, managing client relationships, and improving our services. If we rely on consent for any non-essential processing, you may withdraw that consent at any time.

We use personal data to respond to enquiries, prepare proposals, deliver our services, manage projects, communicate with clients and prospective clients, maintain website and app functionality and security, comply with legal obligations, and protect our legitimate business interests.

In the My Flyingcode app, we use your data to authenticate your account, deliver project updates and invoices, enable in-app messaging, send push notifications you have opted into, display Live Activities on your lock screen (such as account link codes, unpaid invoices, and project progress), and manage account linking between users and client workspaces.

We do not sell or rent personal data, and we do not share personal data with third parties for their own marketing purposes. Where we work with service providers, they process data only on our instructions and under appropriate contractual and confidentiality safeguards.

We may share personal data with trusted processors and suppliers who help us provide our website and services, such as hosting, infrastructure, email, communication, security, backup, and professional advisory providers. We only share the data that is necessary for the relevant purpose.

We may also disclose personal data where required by law, regulation, court order, or legitimate requests from public authorities, or where disclosure is necessary to establish, exercise, or defend legal claims.

Where possible, we store and process personal data within the European Economic Area (EEA). If personal data is transferred outside the EEA, we take appropriate safeguards to ensure that the transfer is lawful and that your data remains protected.

These safeguards may include adequacy decisions, the European Commission's Standard Contractual Clauses, or other lawful transfer mechanisms recognised under applicable data protection law.

We keep personal data only for as long as necessary for the purpose for which it was collected, for as long as required to manage our relationship with you, and for as long as needed to comply with legal, accounting, tax, or contractual obligations.

Contact form submissions and general business enquiries are typically retained for up to 24 months unless a longer retention period is justified, for example where discussions develop into a project or where the law requires a longer retention period.

In the My Flyingcode app, authentication tokens are stored securely on your device and removed when you log out. Locally cached data (such as your profile) is scoped to your account and cleared on logout. If you delete your account through the app, your personal data is removed from our servers.

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include access controls, encryption, secure hosting, logging, and internal procedures for handling personal data responsibly.

In the My Flyingcode app, authentication tokens are stored in the iOS Keychain, which provides hardware-level encryption. If you enable biometric authentication (Face ID or Touch ID), your credentials remain securely stored in the Keychain and require biometric verification to access the app. The app communicates with our servers exclusively over HTTPS. No third-party analytics, advertising, or crash reporting services are integrated into the app.

Even so, no website, app, infrastructure, or method of transmission over the internet can be guaranteed to be completely secure. We therefore cannot guarantee absolute security.

All websites, applications, APIs, databases, backups, and other infrastructure that Flyingcode operates — both for our own services and for the client projects we deliver — are hosted on servers located within the European Union or the European Economic Area.

This means personal data and business data handled through the services we provide remain within the EU/EEA, subject to the protections of the General Data Protection Regulation (GDPR) and European data-protection standards. Customers of our services, and end users of the products we build, can rely on EU-based hosting as a baseline.

Where we engage third-party processors (for example hosting, email, communication, backup, or security providers), we select providers that host data within the EU/EEA. Where a transfer outside the EU/EEA is unavoidable, we rely on recognised transfer mechanisms such as Standard Contractual Clauses.

Subject to applicable law, you may have the right to request access to your personal data, rectification of inaccurate data, deletion, restriction of processing, portability, objection to certain processing, and withdrawal of consent where processing is based on consent.

You also have the right to lodge a complaint with a competent supervisory authority. If you are in Ireland, this is the Data Protection Commission (DPC). You may also contact the supervisory authority in the EEA country where you live or work.