FlightsHotelsPackagesSupport
Log InSign Up
Privacy

Your data, your control.

Plain language. No fine-print games. GDPR and Kenya DPA aligned. Last updated 1 January 2026.

Your trust is the foundation of our business. This policy explains exactly what personal data we collect, how we use it, who we share it with, and the rights you have over it.

We protect what you share

Bank-grade TLS encryption in transit, AES-256 at rest, and PCI-DSS controls around payment data.

We collect only what we need

Booking, payment, identity and contact data — and nothing we cannot justify operationally.

We never sell your data

We share only with airlines, hotels and payment processors necessary to complete your booking.

You stay in control

Access, correct, export or delete your data at any time from your account settings.

Information We Collect

  • Account data: name, email, phone, password (hashed), preferred language and currency.
  • Booking data: passenger details, travel documents (passport / national ID), itinerary information.
  • Payment data: card details are tokenized via PCI-DSS compliant processors — we do not store full card numbers on our systems.
  • Usage data: IP address, device type, browser, pages visited and search queries (used for security, fraud prevention and product improvement).

How We Use Your Information

  • To process bookings, issue tickets and provide customer support.
  • To comply with legal and regulatory obligations, including IATA, anti-fraud and tax requirements.
  • To send transactional communications — booking confirmations, schedule changes, e-tickets, refunds.
  • With your consent, to send marketing emails, fare alerts and loyalty offers. You can opt out at any time.
  • To detect and prevent fraud, abuse and security incidents on our Platform.

Who We Share Data With

  • Airlines, hotels and ground operators required to fulfill your booking.
  • Payment processors (Stripe, M-Pesa, local banks) — strictly to process transactions.
  • Government authorities when legally compelled (e.g., advance passenger information, court orders).
  • Trusted service providers under strict data-processing agreements: cloud hosting, email delivery, analytics.
  • We do not sell or rent your personal information to third parties for marketing purposes.

International Transfers

  • SumFlights operates globally. Your information may be transferred to and processed in countries other than your own — including Türkiye, Kenya, the United Arab Emirates and the European Union.
  • We rely on Standard Contractual Clauses and equivalent safeguards to ensure your data is protected to the same standard wherever it is processed.

Data Retention

  • Booking records are retained for up to seven (7) years to satisfy tax, accounting and aviation regulations.
  • Account data is retained for as long as your account remains active. You may request deletion at any time, subject to legal retention obligations.
  • Marketing preferences are retained until you opt out.

Your Rights

  • Right to access — request a copy of the data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data, subject to legal exceptions.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — opt out of marketing or profiling at any time.
  • To exercise any of these rights, email support@sumflights.com or use the controls in your account settings.

Cookies & Tracking

  • We use essential cookies to keep you signed in and remember your preferences.
  • Analytics cookies (with consent) help us understand how the Platform is used so we can improve it.
  • You can manage or disable cookies through your browser settings — note that some features may not work properly without them.

Children's Privacy

  • SumFlights is not intended for children under 18. We do not knowingly collect data from minors. If you believe we have, please contact us so we can remove it.

Changes to This Policy

  • We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 30 days before they take effect.

Privacy questions or requests?

Our data protection team is available at support@sumflights.com. We respond to all formal requests within 30 days.

SumFlights Global · Maslak Mahallesi, Sarıyer, Istanbul, Türkiye