Jetaxia Privacy Policy

1. Introduction

1.1 About This Policy

This Privacy Policy describes how Aviluxe Aviation LLC d/b/a Jetaxia ("Jetaxia," "we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use our platform, website at jetaxia.com, web and mobile applications, APIs, branded booking forms, and related services (collectively, the "Platform").

1.2 Who This Policy Applies To

This Policy applies to:

• (a) aircraft owners, operators, and management companies who use the Platform to book aviation services ("Customers");
• (b) service providers who perform aircraft detailing, coating, cleaning, ground handling, and related services through the Platform ("Vendors");
• (c) trip support partners, FBOs, MROs, and similar intermediaries who book services through or refer users to the Platform ("Trip Support Partners" or "TSPs");
• (d) visitors to our public websites and marketing pages; and
• (e) any other individual whose personal information we process in connection with the Platform.

1.3 Legal Entity and Contact

Aviluxe Aviation LLC d/b/a Jetaxia is a Texas limited liability company and is the controller (or, where applicable, the business) responsible for your personal information under this Policy.

Aviluxe Aviation LLC d/b/a Jetaxia

4115 Wild Azalea Ave

Fort Worth, TX 76116

Email: support@jetaxia.com

Phone: (682) 900-5811

1.4 Changes to This Policy

We may update this Policy from time to time. The "Last Updated" date at the top reflects the most recent revision. Material changes will be communicated through the Platform or by email before they take effect. Your continued use of the Platform after the effective date constitutes your acceptance of the updated Policy.

2. Information We Collect

We collect information in three ways: (a) information you provide to us, (b) information we collect automatically, and (c) information we receive from third parties.

2.1 Information You Provide

Account and Contact Information. When you create an account or interact with the Platform, we collect your name, email address, phone number, company name, job title, mailing address, and similar contact and identification information. For Vendors, we additionally collect business registration information, tax identification numbers (for payout and 1099 reporting), insurance certificates, certifications, and banking information necessary for payouts.

Aircraft and Operational Information. When you submit a booking, we collect information about the aircraft and service request, including tail number (N-number or international registration), make, model, serial number, home base airport, service location, requested services, scheduling preferences, coating history, special handling instructions, and related operational details.

Billing and Payment Information. When you add a payment method or make a payment through the Platform, we collect:

• (a) billing contact information (name, billing address, phone number, email);
• (b) limited card details (card brand such as Visa or Mastercard, last four digits, expiration date) for display and identification purposes only;
• (c) payment identifiers (Stripe customer IDs and payment method IDs) that allow us to process charges, refunds, and vendor payouts; and
• (d) invoice records (amounts, dates, services rendered, payment status, billing mode).

Important. Jetaxia does not collect or store full card numbers, CVV or CVC security codes, or full bank account numbers. All sensitive payment data is collected, encrypted, and stored directly by our payment processor, Stripe. Jetaxia uses only tokens and identifiers provided by Stripe to process payments.

Communications and Content. When you contact us or interact with other Platform users, we collect the content of your messages, attachments, reviews, feedback, and similar communications. We may also record calls or chats with support, where permitted by law and with notice.

Identity and Compliance Information. Where required by law, by Stripe, or for fraud prevention, we may collect identity verification information such as driver's license numbers, passport numbers, or business incorporation documents.

2.2 Information We Collect Automatically

Usage and Technical Data. When you use the Platform, we automatically collect technical and usage data, including:

• (a) IP address, browser type and version, device type, operating system, screen size, language preferences, and time zone;
• (b) pages viewed, features used, buttons clicked, forms opened and submitted, and session duration;
• (c) referring website or source, and pages visited before and after the Platform;
• (d) log data including timestamps, error messages, and system activity; and
• (e) a randomly generated session identifier used to group events within a single browsing session.

First Party Analytics. We operate our own first party analytics system stored in our secure infrastructure. This system records page views on public marketing pages, form interactions (for example, when a form is opened, started, or submitted), and similar behavioral events. This data is retained for approximately 90 days and is used to understand Platform performance, optimize the user experience, and improve conversion flows. We do not use this data to track you across other websites or sell this data to advertisers.

Vercel Analytics. We use Vercel's built in analytics to monitor aggregate page views and performance metrics for our website. Vercel Analytics is designed to be privacy friendly and does not rely on cookies or track users across websites. You can learn more at vercel.com/legal/privacy-policy.

Cookies and Similar Technologies. We use a limited set of cookies and similar technologies:

• (a) Essential cookies that are necessary for the Platform to function, such as authentication tokens, session management, and security features. These cannot be disabled without breaking the Platform;
• (b) Preference cookies that remember your settings, such as display preferences or saved filters; and
• (c) Analytics cookies or storage used by our first party analytics to group events into sessions.

We do not currently use third party advertising cookies, remarketing pixels, or cross site tracking technologies. See Section 8 for more information about your choices regarding cookies.

Do Not Track and Global Privacy Control. Because we do not engage in cross context behavioral advertising or sell personal data, "Do Not Track" browser signals and Global Privacy Control (GPC) signals do not materially alter our processing. However, for users protected by the California CCPA, Colorado CPA, Connecticut CTDPA, and similar state laws, we treat a GPC signal as a valid opt out of any processing that would qualify as a "sale" or "share" of personal information, to the extent such processing ever occurs.

2.3 Information From Third Parties

We may receive information about you from:

• (a) Trip Support Partners and FBOs who submit bookings on your behalf or refer you to the Platform;
• (b) Customers and Vendors with whom you interact (for example, Vendors learn Customer aircraft and location information necessary to perform Services);
• (c) Stripe, our payment processor, which provides us with tokenized payment information, verification results, and fraud signals;
• (d) Flight data providers such as FlightAware and AeroAPI, which provide aircraft tail number lookups, registration data, flight tracking, and arrival information;
• (e) The FAA Aircraft Registry and similar public aviation registries for aircraft lookup and validation;
• (f) Identity verification, background check, and fraud prevention providers where such checks are necessary for Vendor onboarding, Stripe Connect activation, or fraud response; and
• (g) Publicly available sources such as business registries, professional directories, and social media where relevant to Vendor vetting, Customer onboarding, or business development.

2.4 Information About Children

The Platform is intended for commercial aviation businesses and their authorized representatives. It is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@jetaxia.com and we will delete it.

3. How We Use Information

We use personal information for the following purposes:

Account management. Creating and managing accounts, verifying identity, authenticating sessions, maintaining security, and providing customer support.

Service facilitation. Accepting bookings, assigning and matching Vendors, coordinating scheduling, communicating confirmations and updates, tracking service completion, coordinating with Trip Support Partners and FBOs, and recording service history.

Billing and payments. Issuing invoices, processing payments, managing billing preferences (per booking or weekly Net 30), handling refunds, reconciling accounts, and pursuing unpaid balances.

Vendor payouts. Calculating vendor compensation, processing Stripe Connect transfers, maintaining payout records, and producing tax forms (for example, 1099s) where required.

Safety, fraud, and compliance. Detecting and preventing fraudulent transactions, unauthorized access, and abuse; investigating incidents and damage claims; complying with Stripe requirements, card network rules, anti money laundering laws, sanctions laws, and tax reporting obligations.

Platform improvement. Analyzing usage patterns, measuring feature performance, improving conversion flows, diagnosing errors, testing new features, and enhancing the overall user experience.

Communications. Sending transactional communications (booking confirmations, invoices, receipts, service updates, damage claim notifications, account notices, security alerts), responding to inquiries, and, where permitted, sending marketing communications about our services, features, and industry resources.

Marketing and business development. Sending newsletters, promotional emails, SMS marketing messages, event invitations, and other commercial communications to users who have opted in or to whom such communications are legally permitted. You may opt out of marketing communications at any time (see Section 8).

Legal obligations. Meeting tax, accounting, regulatory, and record keeping requirements, responding to legal requests, exercising or defending legal claims, and enforcing our Terms of Service, Vendor Agreement, and other policies.

Aggregation and research. Creating de identified, aggregated, or anonymized data for benchmarking, industry reporting, and research. Once data has been de identified or aggregated such that it cannot reasonably be linked to you, it is no longer treated as personal information under this Policy.

4. Legal Bases for Processing (for EEA, UK, and Other Applicable Jurisdictions)

Where the EU General Data Protection Regulation (GDPR), UK GDPR, or similar laws apply, we process personal information on the following legal bases:

• (a) Performance of a contract, where processing is necessary to deliver the Platform, complete a booking, process a payment, or respond to your request;
• (b) Legitimate interests, including operating and securing the Platform, preventing fraud, improving our services, and conducting business development, where our interests are not overridden by your rights and freedoms;
• (c) Legal obligation, where processing is required to comply with applicable law, regulation, or court order;
• (d) Consent, where you have given us specific consent (for example, for certain marketing communications or optional features), which you may withdraw at any time; and
• (e) Vital interests or public interest, in rare circumstances where processing is necessary to protect a person's life or serve a task carried out in the public interest.

5. How We Share Information

We share personal information only as necessary to operate the Platform and as described below. We do not sell your personal information for monetary consideration.

5.1 With Vendors

We share limited Customer information with assigned Vendors to fulfill service requests, including Customer name and contact information, aircraft details (tail number, make, model, location), service specifications, scheduling, and special instructions. Vendors are contractually required to use this information only to perform the Services and to protect its confidentiality.

5.2 With Trip Support Partners and FBOs

Where a Trip Support Partner or FBO has facilitated your booking or operates a Branded Booking experience you used, we may share booking, service, and status information with that Partner to the extent necessary to coordinate the service. We do not share your full payment card or bank account information with Trip Support Partners or FBOs.

5.3 With Stripe (Payment Processor)

We share payment related information with Stripe, Inc. and its affiliates to process payments, store payment methods, issue refunds, and manage Vendor payouts. Stripe acts as our payment processor and, in some cases, as our service provider or data processor. Stripe's handling of your data is governed by the Stripe Services Agreement (stripe.com/legal) and Stripe's Privacy Policy (stripe.com/privacy). For more information about Stripe's security practices, see stripe.com/security.

5.4 With Other Service Providers

We share personal information with other third party service providers who help us operate the Platform, including:

• (a) cloud hosting and infrastructure (for example, Vercel and Supabase);
• (b) email and SMS delivery providers;
• (c) customer support and help desk tools;
• (d) analytics and error monitoring tools that we have configured to operate as service providers or processors, not as independent controllers;
• (e) flight data and aircraft registry providers (for example, FlightAware, AeroAPI, and the FAA Aircraft Registry);
• (f) identity verification and fraud prevention providers; and
• (g) professional advisors such as lawyers, accountants, insurers, and auditors.

These providers are contractually required to protect your information and use it only for the services they provide to us.

5.5 Business Transfers

If Aviluxe Aviation LLC is involved in a merger, acquisition, reorganization, financing, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you (for example, by email or in Platform notice) of any such transfer and of any resulting changes to this Policy.

5.6 Legal and Safety Disclosures

We may disclose personal information to government authorities, law enforcement, regulators, courts, or other parties when we believe in good faith that disclosure is necessary to:

• (a) comply with applicable law, regulation, subpoena, court order, or other legal process;
• (b) protect the rights, property, or safety of Jetaxia, our users, or others;
• (c) investigate, prevent, or respond to fraud, security incidents, damage claims, or violations of our Terms; or
• (d) exercise or defend legal claims.

5.7 With Your Consent

We may share personal information in other ways with your specific consent or at your direction.

5.8 Aggregated and De Identified Information

We may share aggregated, de identified, or anonymized information that does not identify any individual for any lawful business purpose, including benchmarking, industry research, and marketing.

5.9 No Sale of Personal Information

We do not sell personal information for monetary consideration. Certain disclosures to service providers and Trip Support Partners may technically qualify as "sharing" or "selling" under broad definitions in some state privacy laws (for example, California CCPA definitions that can cover disclosures involving cross context tracking or cookies). We do not knowingly engage in cross context behavioral advertising, and to the extent any disclosure could be considered a "sale" or "share" under applicable law, residents of those states may opt out as described in Section 7.

6. How Long We Keep Information

We retain personal information only as long as necessary for the purposes for which it was collected or as required by law. Specific retention periods include:

Account data. Retained while your account is active and for a reasonable period (typically up to 7 years) after account closure to handle outstanding matters, defend legal claims, and comply with legal obligations.

Booking and transaction records. Retained for at least 7 years to comply with tax, accounting, and commercial record keeping requirements and to support dispute resolution.

Billing and payment records. Retained for at least 7 years as required by tax and accounting laws.

Damage claims and insurance correspondence. Retained for the applicable statute of limitations period, typically 4 to 10 years depending on jurisdiction and claim type.

Technical logs. Retained for approximately 90 days for security, debugging, and performance purposes.

First party analytics events. Retained for approximately 90 days and then automatically deleted.

Marketing communications and preferences. Retained while your account is active or until you opt out or unsubscribe; suppression lists (to honor opt outs) are retained indefinitely to ensure we do not contact you again.

Support communications. Retained for a reasonable period after resolution, typically 2 to 5 years.

After the applicable retention period, we will delete, anonymize, or de identify the information, unless a longer retention period is required by law.

7. Your Privacy Rights

7.1 Rights That May Apply to You

Depending on where you live and the privacy laws that apply to you, you may have some or all of the following rights:

Right to access or know. Request a copy of the personal information we hold about you and information about how we use and share it.

Right to correct. Request correction of inaccurate or incomplete personal information.

Right to delete. Request deletion of your personal information, subject to legal exceptions (for example, we may need to retain certain records for tax, regulatory, fraud prevention, or legal defense purposes).

Right to portability. Request a machine readable copy of personal information you provided to us.

Right to opt out of sale or sharing. Opt out of any processing that qualifies as a "sale" or "share" of personal information under applicable law. As noted in Section 5.9, we do not sell personal information for money; however, you may opt out of any disclosures that could be considered "sharing" under certain state laws.

Right to opt out of targeted advertising or profiling. We do not currently engage in cross context behavioral advertising or profiling that produces legal or similarly significant effects. If this changes, we will update this Policy and provide an opt out mechanism.

Right to limit use of sensitive personal information. Where applicable, you may direct us to limit our use of sensitive personal information. We do not use sensitive personal information for purposes beyond those permitted by law and as needed to provide the Platform.

Right to withdraw consent. Where we rely on consent, you may withdraw it at any time (without affecting the lawfulness of processing based on consent before withdrawal).

Right to non discrimination. We will not discriminate against you for exercising your privacy rights.

Right to appeal. If we deny your privacy request, you may appeal our decision by replying to our denial or contacting support@jetaxia.com with the subject line "Privacy Appeal."

7.2 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: support@jetaxia.com (subject line: "Privacy Request")

Mail: Aviluxe Aviation LLC d/b/a Jetaxia, 4115 Wild Azalea Ave, Fort Worth, TX 76116

We will respond within the timeframes required by applicable law (typically 30 to 45 days, extendable once where permitted). To protect your information, we may need to verify your identity before fulfilling your request. Authorized agents may submit requests on your behalf with appropriate written authorization.

7.3 Specific State Law Disclosures

California (CCPA/CPRA). California residents have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. The categories of personal information we collect, the purposes for collection, and the categories of third parties with whom we share information are described in Sections 2, 3, and 5 of this Policy. California residents may exercise their rights as described in Section 7.2. We do not sell personal information for monetary consideration and do not knowingly "share" personal information for cross context behavioral advertising. California residents may also request information regarding our disclosures for direct marketing purposes under California's "Shine the Light" law by contacting support@jetaxia.com.

Texas (TDPSA). Texas residents have rights under the Texas Data Privacy and Security Act, including the rights to access, correct, delete, obtain a portable copy of, and opt out of targeted advertising, sale, or profiling with legal effects. Texas residents may exercise these rights as described in Section 7.2.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Montana (MCDPA), Tennessee (TIPA), Delaware (DPDPA), Iowa (ICDPA), New Hampshire (NHPA), New Jersey (NJDPA), Nebraska, Minnesota, Indiana, Kentucky, Maryland, Rhode Island, and other states with comprehensive privacy laws. Residents of these states have rights similar to those described above, including rights to access, correct, delete, obtain a copy of, and opt out of certain processing. Residents may exercise these rights as described in Section 7.2.

All States: Breach Notification. Where required by applicable state law, we will notify you of a security breach involving your personal information within the timeframes and by the methods required by that law.

7.4 Rights for EEA, UK, and International Users

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with data protection laws modeled on GDPR, you may have the additional rights to (a) object to processing based on our legitimate interests, (b) request restriction of processing, (c) lodge a complaint with your local data protection authority, and (d) be free from decisions based solely on automated processing that produce legal or similarly significant effects on you (we do not currently engage in such automated decision making).

7.5 International Data Transfers

We operate primarily from the United States. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where we or our service providers operate. These countries may have data protection laws different from those in your country. Where required by law, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement, or similar mechanisms.

8. Marketing Communications and Your Choices

8.1 Email Marketing

By creating an account or providing your email address to us, you agree that we may send you transactional communications (such as booking confirmations, invoices, service updates, security alerts, and account notices) and, where permitted, marketing communications (such as newsletters, product updates, industry content, and promotional offers).

You may opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting support@jetaxia.com. Opting out of marketing emails does not affect transactional communications, which are necessary to operate your account and the Services.

8.2 SMS and Text Messaging

By providing your mobile phone number and expressly consenting to receive SMS messages, you agree that we may send you transactional SMS (such as booking reminders, service updates, two factor authentication codes, and critical alerts) and, where you have opted in, marketing SMS (such as promotional offers, product announcements, and industry content).

Message and data rates may apply. Message frequency varies. You may opt out of marketing SMS at any time by replying STOP to any marketing message. Reply HELP for help. Opting out of marketing SMS does not affect transactional SMS necessary to operate your account. Our SMS program complies with the Telephone Consumer Protection Act (TCPA) and applicable state laws.

8.3 Cookies and Tracking Choices

You can manage cookies through your browser settings, including blocking or deleting cookies. Blocking essential cookies will prevent the Platform from functioning correctly. Because we do not use third party advertising cookies or cross site tracking, you do not need to opt out of targeted advertising by us.

8.4 Do Not Call

Where applicable, we comply with Do Not Call registries and honor opt out requests for marketing calls.

9. Data Security

9.1 Our Security Measures

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including:

Encryption. Data transmitted between your browser and our servers is encrypted using HTTPS/TLS. Sensitive data at rest is encrypted using industry standard algorithms.

Access controls. We use secure authentication (including optional two factor authentication), role based access controls, and the principle of least privilege. Access to billing and payment data is restricted to authorized personnel with a business need.

PCI compliance. Full card and bank account data is handled by Stripe, which maintains PCI DSS Level 1 certification, the highest level of payment card industry compliance. Jetaxia uses only tokens and identifiers rather than raw card numbers.

Monitoring and response. We monitor for security threats, log security events, and maintain an incident response process to address suspected or actual breaches.

Vendor due diligence. We evaluate the security practices of our service providers and require contractual security protections.

9.2 Your Role in Security

No system is perfectly secure. You play an important role by:

• (a) using a strong, unique password and enabling two factor authentication;
• (b) keeping your credentials confidential;
• (c) logging out when using shared devices;
• (d) promptly notifying us at support@jetaxia.com of any unauthorized access or suspicious activity; and
• (e) keeping your software and devices up to date.

9.3 Breach Notification

If we determine that a security breach has resulted in the unauthorized access, acquisition, or disclosure of your personal information, we will notify you and, where required, applicable authorities within the timeframes required by applicable law.

10. Payment Processing and Stripe

10.1 How Payments Work

When you pay for Services on the Platform, your full payment card or bank account information is collected and processed by Stripe, not by Jetaxia. Stripe tokenizes your payment method and returns to Jetaxia only (a) a secure token that allows us to initiate future charges with your authorization, and (b) limited display information (card brand, last four digits, expiration date) so that you can identify which payment method is on file.

10.2 What Stripe Does

Stripe acts as our payment processor and, where we instruct it to store your payment method on file, as a data processor or service provider. Stripe is also independently a controller for certain purposes, including fraud prevention, compliance with card network rules, and regulatory reporting. Stripe's handling of your data is described in the Stripe Services Agreement (stripe.com/legal) and the Stripe Privacy Policy (stripe.com/privacy).

10.3 What Jetaxia Receives

Jetaxia receives from Stripe only the information necessary to operate billing and payouts, including:

• (a) Stripe customer ID and payment method ID;
• (b) card brand, last four digits, and expiration date;
• (c) payment status, authorization and capture events, refund and dispute notifications;
• (d) Stripe Connect account status and payout information for Vendors; and
• (e) fraud signals and risk scores that inform our decisions.

Jetaxia does not receive or store full card numbers, CVV/CVC codes, or full bank account numbers.

10.4 Vendor Payouts

Vendor payouts are processed through Stripe Connect. Vendors provide their banking and identity information directly to Stripe, which handles verification and payout execution. Jetaxia receives payout status and records but does not receive full banking credentials.

11. Third Party Websites and Services

The Platform may link to or integrate with third party websites and services, including Stripe, FlightAware, Vercel, Supabase, mapping providers, and others. This Policy does not apply to those third party services. We encourage you to review the privacy policies of any third party services you use.

12. California "Shine the Light" and Additional Notices

California residents who have an established business relationship with us may request, once per calendar year, information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. To make such a request, contact us at support@jetaxia.com with the subject line "Shine the Light Request." We do not currently share personal information with third parties for their independent direct marketing purposes.

13. Job Applicants

If you apply for a job at Jetaxia, we may collect additional information such as your resume, employment history, education, references, and information gathered during the interview process. We use this information to evaluate your application, communicate with you about employment opportunities, and comply with legal requirements. We may retain application information for future openings unless you request deletion.

14. Contact Us

For privacy related questions, requests, appeals, or concerns, please contact us at:

Aviluxe Aviation LLC d/b/a Jetaxia

4115 Wild Azalea Ave

Fort Worth, TX 76116

Email: support@jetaxia.com (subject line: "Privacy Request" or "Privacy Appeal")

Phone: (682) 900-5811

If you are not satisfied with our response, you may have the right to contact your local data protection authority or, in the U.S., your state attorney general.