LetsFly
Log inJoin

Privacy Policy

Last updated: March 11, 2026

1. Data Controller

The controller of your personal data is LetsFly, located at:

Jan Rawwo Lets Fly
ul. Jaworowa 9B, 82-300 Elbląg, Poland
NIP: 5783157699
Email: kontakt@letsfly.pl

For any data protection inquiries, you can reach us at the email address above.

2. What Data We Collect

Depending on how you use the platform, we collect the following data:

a) Pilot account registration

  • First and last name
  • Email address
  • Password (stored in encrypted form by Supabase Auth - we have no access to it)
  • Username (profile slug)
  • Timestamp of consent to terms and data processing

b) Pilot profile (voluntarily provided)

  • Bio / description
  • City and region
  • Website, Instagram profile, YouTube channel
  • Equipment list
  • Portfolio photos and videos

c) Inquiry form (visitors)

  • Name
  • Email address and/or phone number (at least one contact method required)
  • Message content

d) Technical data

  • IP address (server logs)
  • Browser and operating system type
  • Essential cookies (authentication session)

3. Purposes and Legal Basis for Processing

We process your data for the following purposes:

  • Performance of a contract (Art. 6(1)(b) GDPR) - maintaining your account, displaying your pilot profile, handling client inquiries.
  • Consent (Art. 6(1)(a) GDPR) - sending marketing communications (only if you opted in; you may withdraw consent at any time).
  • Legitimate interest (Art. 6(1)(f) GDPR) - ensuring platform security, preventing abuse, internal analytics.
  • Legal obligation (Art. 6(1)(c) GDPR) - retaining data required by law (e.g., GDPR consent records).

4. Data Recipients (Sub-processors)

Your data may be shared only with trusted sub-processors with whom we have Data Processing Agreements (DPAs) in place:

  • Supabase Inc. - database, authentication, image storage. Data stored in the EU region (Frankfurt, Germany). Supabase has a GDPR-compliant DPA.
  • BunnyWay d.o.o. (Bunny.net) - video file storage and CDN delivery. Headquartered in Slovenia (EU). Bunny.net has a GDPR-compliant DPA.
  • Hetzner Online GmbH - server hosting (VPS). Headquartered in Germany. Hetzner is fully GDPR-compliant.

Additionally, contact details of a person submitting an inquiry (name, email, phone number, message) are shared with the selected pilot to enable a response. The person submitting the inquiry is informed of this and provides consent before submitting the form.

5. Data Transfers Outside the EEA

We do not transfer your personal data outside the European Economic Area (EEA). All our sub-processors store data in data centers located within the European Union.

6. Data Retention

  • Account data - retained for the duration of your account. Upon account deletion, all data is permanently removed.
  • Inquiries - retained for the duration of the Pilot's account to which they were sent. The Pilot may delete received inquiries at any time through the pilot dashboard. Upon account deletion, all associated inquiries are permanently removed.
  • Server logs - retained for a maximum of 30 days for security purposes.
  • Consent records - consent timestamps are retained for the period required by law (to demonstrate GDPR compliance).

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access - you may request information about what personal data we process about you.
  • Right to rectification - you may correct your data through the pilot dashboard or by contacting us.
  • Right to erasure (“right to be forgotten”) - you may delete your account and all associated data through the pilot dashboard. Deletion includes your profile, equipment, portfolio (photos and videos), inquiries, and all other personal data.
  • Right to data portability - you may download your data in JSON format through the pilot dashboard.
  • Right to restriction of processing - you may request restriction of processing in certain circumstances.
  • Right to object - you may object to processing based on legitimate interest.
  • Right to withdraw consent - you may withdraw your consent at any time (e.g., marketing), without affecting the lawfulness of processing carried out before the withdrawal.

To exercise these rights, contact us at the email address listed in section 1 or use the relevant features in the pilot dashboard.

You also have the right to lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland.

8. Cookies

LetsFly uses only cookies that are strictly necessary for the proper functioning of the platform:

  • Authentication session cookies - necessary to maintain a logged-in user session. These are first-party cookies set by Supabase Auth. They do not require consent as they are essential for providing the service.
  • Language preference cookie - remembers the selected interface language (Polish/English).

We do not use analytics, advertising, or tracking cookies. We do not use tools such as Google Analytics, Facebook Pixel, or any other third-party tracking scripts.

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy. We will notify users of significant changes through a notification on the platform or via email. The current version is always available at this address.

10. Contact

For questions regarding personal data protection, please contact us:

Email: kontakt@letsfly.pl