log inContact Us

Privacy policy

Last Updated: May 28, 2026 | Version 2.3

Feeyo Technology Company Ltd. understands that protecting your personal and corporate information is a profound responsibility. We work diligently to safeguard your data through industry-leading security architectures while putting you in absolute control. This Privacy Policy (hereinafter referred to as the “Policy”) transparently outlines our protocols regarding data collection, operational use, storage localization, third-party sharing, and global transfers when delivering aviation data solutions.

This Policy applies across all VariFlight official websites, data management backends, and digital application portals. The data processing operations, customer interfaces, and infrastructure assets are fundamentally managed by Feeyo Technology Company Ltd. (hereinafter referred to as “We”, “Us”, or “Feeyo Technology”) and its global affiliates providing global processing support. If you are a resident of the European Economic Area (EEA), please refer directly to the specialized “GDPR Appendix for EU Users” integrated at the conclusion of this document.

I. Information Collection and Targeted Usage We strictly adhere to the principles of “minimization” and “lawful processing,” capturing information across specific business touchpoints to confirm corporate identity, process commercial proposals, and fulfill regulatory compliance:

  1. E-Magazine & Industry Report Subscriptions: When subscribing to our civil aviation technical journals or capacity analysis reports, you provide your name, email address, company name, and mobile number. Note: Mobile phone numbers are classified as sensitive personal details under specific regulations, and collection is necessary to authorize the delivery of your subscribed assets.

  2. Data Console Authentication & Login: Accessing secure analytical modules or obtaining permissions within the API developer testing environment requires providing your registered email account to handle secure login verification and protect interface integrity.

  3. Commercial Cooperation & B2B Inquiries: When submitting API trial forms, requesting quotes, or entering project requests, we collect your name, corporate affiliation, job title, corporate email, telephone number, and specific business use cases to allow our Business Development (BD) teams (including our global international teams) to deliver targeted solutions.

  4. Aviation Volunteer Applications: To verify qualifications for public aviation data verification and evaluation programs, we collect your full name, nationality, mobile phone number, email address, and referee details.

II. Data Retention, Localization, and Security Infrastructure

  1. Data Retention Framework: We retain your personal data strictly until the defined business purpose of collection is accomplished, or until an explicit account deletion request is filed by the user (whichever occurs first). In the event that a service line is decommissioned, we will notify affected parties via public notices and permanently delete or anonymize all relevant profiles.

  2. Data Localization and Cross-Border Transfers: Personal data collected and processed within the territory of the People’s Republic of China (PRC) is localized and stored within secure data center nodes inside the PRC. If your business engagement is contractually processed or held by our designated overseas affiliate (such as our legal entity registered in Singapore), any administrative or commercial communication details required for billing, compliance routing, or global database verification will be managed securely under applicable cross-border information guidelines.

  3. Core Technical Security Measures:

    • High-Strength Encryption: Enforcing mandatory Secure Sockets Layer (SSL/TLS) encryption for data in transit and robust industry-standard encryption for stationary storage layers.

    • Access Management (RBAC): Implementing strict role-based access controls ensuring only validated security personnel possess the technical clearances required to interface with raw underlying data layers.

    • Security Incident Response: In the event of a suspected security risk, we execute statutory crisis management protocols, notifying affected parties individually via email, telephone, or push notifications regarding the mitigation vectors, recommendations, and regulatory reporting steps.

III. Third-Party Sharing, Transfers, and Disclosures

  1. Consent-Driven Sharing: We do not disclose or share personal details with external companies or entities unless explicit user authorization has been obtained, or as legally mandated by administrative mandates and judicial subpoenas.

  2. Data Aggregation Exemptions: Anonymous, compiled data aggregates that cannot be reverse-engineered to identify a human profile or a single specific entity are exempt from this policy. VariFlight and its affiliates reserve the unrestricted right to utilize, analyze, and publish aggregated analytical metrics (e.g., global airport quasi-on-time performance indexes, macro carbon emission trends) for research and industry reports.

  3. Corporate Restructuring: In cases of merger, acquisition, asset transfer, or corporate liquidation, all succeeding entities will remain strictly bound by the privacy covenants detailed in this Policy or must request renewed consent.

IV. Definitive Statutory User Rights Users maintain full autonomy over their data assets and may exercise their statutory rights via their account configuration console or by contacting our compliance center:

  1. Access and Rectification: Right to inspect, edit, or modify your personal identity profile data, corporate records, and customized flight tracking metrics via the Personal Center dashboard.

  2. Erasure & Account Decommissioning: Right to demand complete erasure of account records and privacy footprints if data processing violates statutory rules, lacks valid consent, or if account deletion is initiated.

  3. All formalized data rights inquiries will be processed and responded to within fifteen (15) business days following robust identity verification.

V. GDPR Appendix for EU Users For individuals residing natively within the European Union, VariFlight acts as the designated Data Controller under the General Data Protection Regulation (GDPR) frameworks:

  • Designated European Controller Identity: Feeyo Technology Company Ltd.

  • Registered Address: Building E, High-tech Innovation Valley, Wenqu Road, High-tech Zone, Hefei, P.R.China

  • International Operations Note: The processing of specific requests, local billing routing, or customer contract compliance for EU users may be managed or fulfilled through our designated non-PRC global corporate structures, including but not limited to our corporate affiliate in Singapore.

  • GDPR Rights Channel: EU users possess localized rights including the Right of Access (Art. 15), Right to Rectification (Art. 16), Right to Erasure / ‘To Be Forgotten’ (Art. 17), Right to Data Portability (Art. 20), and Right to Object (Art. 21). Formal claims or supervisory data requests may be directed via email to: business@VariFlight.com.

VI. Data Privacy Protection Center Contact Information Corporate Unit: Attn: Data and Privacy Protection Center, VariFlight Physical Address: Building E, High-tech Innovation Valley, Wenqu Road, High-tech Zone, Hefei, P.R.China Direct Compliance Routing Email: business@VariFlight.com