Privacy Policy

At Flightshark (operated by Tenflux Limited), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services. We are committed to protecting your personal data and being transparent about what information we collect and how we use it. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

**Information You Provide:** • Account information (name, email address, password) • Profile details (home city, travel preferences) • Search queries (origin, destination, dates, passenger numbers) • Trip planning data (group members, trip details) • Communications with us (support requests, feedback) **Information Collected Automatically:** • Device information (browser type, operating system, device ID) • Usage data (pages visited, features used, search history) • Location data (with your consent, for personalized recommendations) • Cookies and similar technologies (see our Cookie Policy) **Information from Third Parties:** • Social media data (if you sign in via Google or social accounts) • Analytics data from our partners

We use your information to: • **Provide our services:** Process searches, display flight results, enable trip planning • **Personalize your experience:** Show relevant destinations, price alerts, recommendations • **Communicate with you:** Send booking confirmations, travel reminders, updates • **Improve our platform:** Analyze usage patterns, fix bugs, develop new features • **Marketing:** Send promotional emails (with your consent), show relevant ads • **Security:** Detect fraud, protect against unauthorized access • **Legal compliance:** Meet our legal and regulatory obligations

Under GDPR, we process your data based on: • **Contract:** Processing necessary to provide our services to you • **Consent:** Where you have given explicit consent (e.g., marketing emails) • **Legitimate interests:** Improving our services, preventing fraud, analytics • **Legal obligation:** Compliance with laws and regulations You can withdraw consent at any time by contacting us or updating your preferences.

We may share your information with: **Service Providers:** • Cloud hosting providers (e.g., AWS, Google Cloud) • Analytics services (e.g., Google Analytics) • Email service providers • Customer support tools **Travel Partners:** • Airlines and booking platforms (when you click through to book) • Hotel and car rental providers • These partners have their own privacy policies **Legal Requirements:** • Law enforcement or government agencies when required by law • To protect our rights, privacy, safety, or property **Business Transfers:** • In connection with a merger, acquisition, or sale of assets We do not sell your personal information to third parties.

We use cookies and similar technologies to: • Keep you signed in • Remember your preferences • Analyze how you use our platform • Show personalized content and ads **Types of cookies we use:** • **Essential:** Required for the platform to function • **Functional:** Remember your preferences and settings • **Analytics:** Help us understand how you use our services • **Marketing:** Used to show relevant advertisements You can manage cookie preferences in your browser settings or through our cookie consent tool.

We retain your information for as long as necessary to: • Provide our services to you • Comply with legal obligations • Resolve disputes and enforce agreements **Retention periods:** • Account data: Until you delete your account + 30 days • Search history: 2 years • Transaction records: 7 years (for legal/tax purposes) • Analytics data: 26 months You can request deletion of your data at any time (see Your Rights).

Under GDPR, you have the right to: • **Access:** Request a copy of your personal data • **Rectification:** Correct inaccurate or incomplete data • **Erasure:** Request deletion of your data ("right to be forgotten") • **Restriction:** Limit how we process your data • **Portability:** Receive your data in a portable format • **Object:** Object to certain processing activities • **Withdraw consent:** Revoke consent for processing To exercise these rights, contact us at privacy@flightshark.com or use the settings in your account.

We implement appropriate security measures to protect your data: • Encryption of data in transit (TLS/SSL) and at rest • Regular security assessments and penetration testing • Access controls and authentication • Employee training on data protection • Incident response procedures While we take reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place: • Standard Contractual Clauses approved by the EU Commission • Adequacy decisions for certain countries • Other legally approved transfer mechanisms By using our services, you consent to these international transfers.

Flightshark is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of significant changes by: • Posting a notice on our website • Sending an email to registered users • Updating the "Last updated" date We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or want to exercise your rights: **Data Controller:** Tenflux Limited Dublin, Ireland **Email:** privacy@flightshark.com **Data Protection Officer:** dpo@tenflux.com You also have the right to lodge a complaint with a supervisory authority (e.g., the Irish Data Protection Commission). Last updated: January 2026