Privacy Policy

How FlightGPT collects, stores and uses your information.

FlightGPT Privacy Policy

Last updated: June 2026. This policy explains what information FlightGPT (flightgpt.in) collects when you use the site, how we use it, who we share it with, and the rights you have under India's Digital Personal Data Protection Act, 2023 (the DPDP Act). By using FlightGPT you agree to this policy.

1. Information we collect

2. How we use your information

To run searches and return fares; to process and service bookings; to send booking confirmations, e-tickets and service messages by email; to prevent fraud and abuse; to improve the product; and to meet legal obligations. We rely on your consent and on the necessity of performing the service you requested as our lawful bases.

3. Cookies and tracking

We use strictly-necessary cookies to make the site work and analytics cookies to understand usage. You can control or block cookies in your browser settings. We do not sell your personal data and we do not run third-party ad-tracking on the booking flow.

4. Who we share your data with

We share only what is needed to fulfil your request: airlines, hotels and our supplier and travel-agent partners to complete a booking; our payment processor to take payment; Amazon SES to deliver transactional email; and analytics providers in aggregated or pseudonymised form. We may disclose data where required by law or to protect our users. We do not sell personal data to advertisers.

5. Data retention

We keep booking records for as long as needed to service your trip and to meet legal, tax and accounting requirements, after which we delete or anonymise them. Saved searches are stored on your device, and on our servers only if you have an account.

Visa service documents. When you use our visa service, the documents and details you provide for an application — passport copy, photograph, financial documents, flight and hotel bookings, cover letter and similar — are held only for as long as your application needs them. If your visa is granted, we automatically delete these documents; if you reapply, we retain them only until that later application is decided and your visa is granted. If your visa is not granted, we keep the documents for up to 7 days so you can appeal or reapply, after which every file you provided for the application is automatically and permanently deleted from our servers. We share these documents only with the government visa authority, embassy or visa application centre (such as VFS) needed to process your application.

Passport reading (AI extraction). If you attach a passport during a visa chat, the image is encrypted (AES-256-GCM) at rest on our servers, outside the public web, and is readable only by your assigned visa expert or by you. To pre-fill your application and save you typing, the image is sent once to our AI provider (Anthropic, or Google Gemini if we have it configured) for optical reading; under our paid API agreements the image is processed only to read it and is not used to train any public model. We extract only the details printed on the passport — name, passport number, nationality, dates of birth, issue and expiry, sex, place of birth, issuing authority and passport type. We do not log your passport number, and where it is shown back to you it is masked to the last four digits. The image and the extracted details are deleted on the same schedule as your other visa documents — immediately once your visa is granted, within 7 days of a refusal or cancellation, and within 60 days otherwise — and you can remove the image yourself at any time. Reading your passport this way is optional; you can always type your details instead.

6. Your rights under the DPDP Act, 2023

You can request access to, correction of, or erasure of your personal data, withdraw consent at any time, and nominate another person to exercise your rights. To make a request, email our Grievance Officer at admin@flightgpt.in and we will respond within the timelines required by law.

7. Security

We protect data in transit with HTTPS and apply access controls and reputable processors. No method of transmission or storage is completely secure, but we take reasonable technical and organisational safeguards.

8. Children

FlightGPT is intended for adults arranging travel. We do not knowingly collect personal data from children under 18 without verifiable parental consent.

9. Changes to this policy

We may update this policy from time to time; the "last updated" date above will change and material changes will be highlighted on this page.

10. Contact

Questions or data requests: admin@flightgpt.in. See also our Terms of Use.