Privacy Policy

Last updated: April 23, 2026

1. Who we are

FBO Finder (“we”, “our”, “us”) is a service operated by Libra International FZCO, a Free Zone Company registered in Dubai, United Arab Emirates, with registered office at Premises 23414-001, IFZA Business Park, DDP, Dubai Silicon Oasis (collectively “the Company”). The Company acts as the data controller for personal data processed through the FBO Finder mobile application and the website fbo-finder.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

EU Representative (GDPR Article 27). As we are established outside the European Union but offer services to individuals in the EU, we have appointed an EU representative you may contact for any matter related to the processing of your personal data:

  • [EU Representative Name — to be appointed]
    Address: [address in an EU Member State]
    Email: eu-rep@fbo-finder.com

We are in the process of formalising this appointment. In the interim, EU data subjects can address all GDPR requests directly to privacy@fbo-finder.com.

2. Information we collect

We collect the following categories of information:

  • Account information: name, email address, user type (passenger, company, broker, driver) when you create an account.
  • Usage data: search history, favorite terminals, reviews, and handling requests you submit through the service.
  • Location data: with your explicit permission, approximate location to display nearby airports and terminals.
  • Device data: device type, operating system, app version, and push notification tokens (if enabled).
  • Payment data (partners only): for FBO Partner subscriptions, payment is processed by Stripe. We never store full card numbers — only the Stripe customer ID and subscription metadata.

3. How we use your information

We use your information to:

  • Provide, maintain, and improve the FBO Finder service.
  • Process handling requests and forward them to the relevant FBOs.
  • Send push notifications about your favorite terminals (if you opt in).
  • Display your reviews (first name and rating only) on terminal pages.
  • Process Partner subscription payments and provide customer support.
  • Generate anonymized analytics to improve the service.

4. Legal bases for processing

We process your personal data on the following legal bases:

  • Consent — for push notifications, location access, and marketing emails.
  • Performance of a contract — to deliver the service you signed up for (handling requests, account management, Partner subscriptions).
  • Legitimate interests — to keep the service secure, prevent fraud, and improve our product.
  • Legal obligation — to comply with applicable laws, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), EU GDPR, and the California Consumer Privacy Act (CCPA / CPRA) where applicable.

5. Data sharing & international transfers

We do not sell your personal data. We share data only with:

  • FBO operators: handling requests include your contact name, email, phone, and flight details — required for the FBO to process your request. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
  • Supabase Inc. (hosting): PostgreSQL database in the EU region (eu-west-1, Ireland). No transfer outside the EU for stored data.
  • Stripe Payments Europe Ltd (payments): subscription billing for FBO Partners. Stripe acts as an independent controller for payment data. Transfers to Stripe US are covered by EU Standard Contractual Clauses (Module 2 — controller to processor) + Stripe’s GDPR Data Processing Addendum.
  • Vercel Inc. (website hosting, US): edge delivery for fbo-finder.com. Covered by SCCs Module 2 and the Vercel DPA. Vercel’s EU Frankfurt region is preferred when available.
  • Resend Inc. (transactional email, US): sends account confirmations and handling-request notifications. Covered by SCCs Module 2 and Resend’s DPA.
  • Expo / EAS (US): over-the-air mobile app updates. No personal user data leaves the device via Expo; only opaque device tokens for push notifications, covered by SCCs Module 2.
  • Legal requirements: if required by law, court order, or to protect our rights, safety, or property, we may disclose data to competent authorities.

All transfers outside the European Economic Area are made under the European Commission’s Standard Contractual Clauses (Decision 2021/914) or equivalent safeguards required by GDPR Chapter V. You can request a copy of the SCC framework for a given transfer by emailing privacy@fbo-finder.com.

6. Data retention

We retain personal data only for as long as is necessary for the purposes set out in this policy. Specific retention periods:

  • Account data (name, email, profile): for the life of the account, then deleted within 30 days of account deletion. Inactive accounts (no login for 24 months) are auto-deleted.
  • Favorites and search history: until the user deletes them, or account deletion.
  • Reviews: retained indefinitely in anonymised form after account deletion (first name and rating remain public — email and user-id are erased). You can request full removal of the review body.
  • Handling requests: retained for 3 years after last activity (business record / fiscal obligation), then deleted.
  • FBO Partner subscription data and invoices: retained for 10 years as required by accounting regulations.
  • Server logs (IP, user-agent, URL): 12 months maximum.
  • Aggregated / anonymised analytics: retained indefinitely — these cannot be re-associated with an identifiable individual.
  • Stripe customer + payment records: Stripe retains these for 7 years (their statutory obligation); after we delete our copy, Stripe’s retention is covered by their own privacy policy.

You can request deletion of your account and all associated data at any time from the Profile section of the app, or by emailing privacy@fbo-finder.com. We complete the deletion within 30 days (GDPR Art. 12(3)).

7. Your rights

Depending on your jurisdiction (UAE PDPL, EU GDPR, California CCPA/CPRA), you have the right to:

  • Access your personal data (via the “Export my data” feature in the app).
  • Rectify inaccurate data (via the “Edit Profile” section).
  • Delete your account and personal data (via the “Delete my account” option).
  • Object to or restrict certain processing activities.
  • Portability — receive a structured, machine-readable copy of your data.
  • Withdraw consent for push notifications, marketing emails, or location at any time.
  • Lodge a complaint with a supervisory authority. For EU residents this is your local Data Protection Authority — for example, the CNIL (France), the BfDI (Germany), the Irish DPC or the full list of EU DPAs. UAE residents may contact the UAE Data Office.

We respond to data-subject requests within one month (GDPR Art. 12(3)), extendable by two further months for complex requests, in which case we will notify you.

8. Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS 1.3), row-level security on our database, secure authentication via Supabase Auth with salted password hashing, and PCI-DSS compliant payment processing via Stripe. We conduct periodic security reviews and incident response planning.

9. Cookies

Our website uses essential cookies only for authentication and session management. We do not use advertising cookies or third-party tracking on the website. The mobile app uses local storage for preferences (favorite terminals, language) and does not embed third-party trackers.

10. Children

FBO Finder is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact us at privacy@fbo-finder.com and we will delete it.

10a. Brazil (LGPD)

For users located in Brazil, processing is carried out in accordance with Brazilian Lei Geral de Proteção de Dados (Law No. 13.709/2018, “LGPD”). You hold the same rights of access, rectification, deletion, portability, objection and withdrawal of consent set out in section 7. The legal bases we rely on map to LGPD Article 7: consent (push notifications, marketing), execution of a contract (handling requests, account management), legitimate interest (fraud prevention, service improvement) and legal obligation. Cross-border transfers to Supabase (EU) and Stripe (US) are made under LGPD Article 33 safeguards. Brazilian residents may contact our DPO at privacy@fbo-finder.com or lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

10b. China (PIPL)

For users located in mainland China, processing is governed by the Personal Information Protection Law (effective 1 November 2021, “PIPL”). By creating an account from China you give your separate consent under PIPL Article 39 to the cross-border transfer of your personal information to our infrastructure providers in the European Union (Supabase, Frankfurt region) and the United States (Stripe). The data we collect, the categories of recipients and your rights are described in sections 2-7 above. You may access, rectify or delete your data, withdraw consent at any time, and request portability via the in-app Profile screen or by emailing privacy@fbo-finder.com. We respond to PIPL data-subject requests within 15 working days.

10c. California (CCPA / CPRA)

For California residents the Consumer Privacy Act of 2018 (as amended by the CPRA) grants the right to know, the right to delete, the right to correct, the right to opt out of sale or sharing, and the right to limit the use of sensitive personal information. FBO Finder does not sell or share personal information for cross-context behavioural advertising. We do not use third-party tracking technologies on the website or in the app. Because nothing is sold or shared, no “Do Not Sell or Share My Personal Information” opt-out mechanism is required (Cal. Civ. Code §1798.135(a)). California residents may exercise the rights above via the in-app Profile screen or by emailing privacy@fbo-finder.com.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app, by email, or by displaying a notice on the website. Continued use of the service after an update constitutes acceptance of the revised policy.

12. Contact

Libra International FZCO
Dubai, United Arab Emirates
Email (privacy): privacy@fbo-finder.com
Email (general): support@fbo-finder.com