1. Introduction
Welcome to Flyfy. This Privacy Policy explains how LukApp ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use the Flyfy mobile application ("the App"). Flyfy is a premium iOS travel companion designed to help you plan trips, manage expenses, discover destinations, play travel games, and collaborate with friends.
By downloading, installing, or using Flyfy, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein. If you do not agree with this policy, please do not use the App.
LukApp is the data controller responsible for processing your personal information. We are committed to protecting your privacy and ensuring transparency about how your data is handled.
2. Information We Collect
2.1 Information You Provide Directly
When you create an account and use Flyfy, you may provide us with the following information:
- Account information: When you sign in using Sign in with Apple, we receive your name and email address (or Apple's private relay email address if you choose to hide your email). We also receive a unique Apple User ID that identifies your account.
- Profile information: Your display name, profile photo, and any other details you choose to add to your profile.
- Trip data: Trip names, destinations, dates, itinerary items (flights, hotels, restaurants, activities, transport, and notes), cover images, and trip settings you create within the App.
- Expense data: Expense amounts, descriptions, categories, currency information, and expense-splitting details shared among trip collaborators.
- Packing lists: Items you add to your personal packing checklists for each trip.
- Documents: Travel documents, receipts, booking confirmations, and other files you upload to the App.
- Notes: Personal and shared trip notes you create.
- Game data: Scores, achievements, badges earned, and game session history from the travel games you play within the App.
- Social data: Friend connections, friend requests, and user interactions within the App.
2.2 Information Collected Automatically
When you use Flyfy, certain information is collected automatically:
- Device information: iOS version, device model, device identifier, language settings, and time zone.
- Usage data: Features you use, screens you visit, actions you take, and interaction patterns within the App. This helps us understand how Flyfy is used and improve the experience.
- Crash logs and diagnostics: In the event of an app crash or error, diagnostic data may be collected to help us identify and fix issues.
- Location data: Only when you explicitly enable the Live Location Sharing feature during a trip. This data is shared in real time with your trip collaborators. Location updates continue in the background while Live Location Sharing is active (indicated by the iOS blue status bar) and stop immediately when you disable sharing, close the live map, sign out, delete your account, or lose internet connectivity. We never collect location data when Live Location Sharing is off.
2.3 Information from Third Parties
- Apple: Account information provided through Sign in with Apple, including your name and email address or private relay email.
- Firebase Cloud Messaging: Device tokens used to deliver push notifications.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing core features: To enable trip planning, itinerary management, expense tracking, packing lists, document storage, travel games, and all other features of the App.
- Syncing across your devices: To synchronise your personal trip data across all your Apple devices signed into the same iCloud account via Apple CloudKit.
- Enabling collaboration: To allow you to share trips with friends, collaborate on itineraries, split expenses, share documents and notes, and share your live location during trips via Google Firebase.
- Push notifications: To notify you of trip invitations, friend requests, trip updates, and other relevant events via Firebase Cloud Messaging.
- Personalisation: To customise your experience within the App based on your preferences and usage patterns.
- Analytics and improvement: To understand how the App is used, identify issues, and improve features, performance, and user experience.
- Security: To detect and prevent fraud, abuse, and security incidents.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
4. Data Storage and Sync
Flyfy uses two distinct data storage and synchronisation systems, each serving a different purpose:
4.1 Apple CloudKit (iCloud)
Your personal trip data — including itineraries, expenses, packing lists, documents, notes, game scores, and badges — is stored in your private iCloud container using Apple's CloudKit framework. This means:
- Your personal data is stored in your own iCloud account, not on our servers.
- Apple manages the encryption, security, and storage of your CloudKit data.
- We do not have access to your iCloud data. Only you can access it through your Apple devices signed into your iCloud account.
- Data is automatically synced across all your Apple devices signed into the same iCloud account.
- Data availability depends on your iCloud storage plan and account status.
4.2 Google Firebase (Collaboration)
When you use collaborative features — such as sharing trips with friends, splitting expenses, or sharing documents — certain data is stored in Google Firebase services:
- Firestore: Shared trip metadata, collaborative itinerary items, shared expenses, shared notes, trip invitations, friend requests, notifications, and user profile information needed for collaboration.
- Realtime Database: When you enable Live Location Sharing for a trip, your precise location is transmitted in real-time to trip collaborators via Firebase Realtime Database. Your location data is automatically and immediately removed from Firebase servers when any of the following occurs: you disable live sharing, you close the live map, you sign out, you delete your account, or your device disconnects from the internet. Firebase
onDisconnecthandlers ensure server-side cleanup occurs within seconds of disconnection, even if the app is force-quit. No location history is retained after sharing stops. - Firebase Storage: Shared documents and files uploaded for collaborative access.
- Firebase data is encrypted in transit using TLS and at rest by Google Cloud Platform.
- Firebase has offline persistence enabled, which means data is cached locally on your device for offline access and synced when connectivity is restored.
4.3 Local Storage
Flyfy also stores data locally on your device using Apple's SwiftData framework. This local data store provides instant access to your information and is the primary source for the App's user interface. Local data is included in your device backups if you have iCloud Backup or local backups enabled.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties.
We may share your information in the following limited circumstances:
- With trip collaborators: When you share a trip with friends, they can see the shared trip data including itinerary items, expenses, notes, and documents. They can also see your display name and profile photo. If you enable live location sharing, your location is visible to trip collaborators in real time.
- With friends: Users you add as friends can see your display name, profile photo, and travel statistics (passport score, badges).
- Apple: Your personal data is stored in your iCloud account via CloudKit. Apple processes this data in accordance with Apple's Privacy Policy. Subscription and payment data is handled by Apple through the App Store.
- Google Firebase: Collaborative data is processed by Google Firebase services in accordance with Google's Privacy Policy and Data Processing Terms.
- Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, safety, or the rights and safety of others.
5.1 Data Types Processed Through Firebase (Google)
Flyfy uses Firebase (operated by Google LLC) as a backend service for collaboration, authentication, push notifications, and error monitoring. The following data types are processed through Firebase. These correspond directly to the privacy labels declared on the App Store:
| Data Type | Purpose | Linked to Identity | Third-Party Processor |
|---|---|---|---|
| Precise Location | Live Location Sharing with trip collaborators | Yes | Google (Firebase Realtime Database) |
| Name and Display Name | User profiles, collaboration, leaderboards | Yes | Google (Firestore) |
| Email Address | Account authentication via Sign in with Apple (may be a private relay address) | Yes | Google (Firebase Auth) |
| User ID | Account management and data association | Yes | Google (Firebase Auth, Firestore) |
| Photos and Videos | Profile avatar and shared trip documents | Yes | Google (Firebase Storage) |
| Other User Content | Shared trip data, notes, expenses, packing lists (shared trips only) | Yes | Google (Firestore) |
| Device Identifier | Push notification delivery | Yes | Google (Firebase Cloud Messaging) |
| Crash Data | App stability monitoring and bug fixing | No | Google (Firebase Crashlytics) |
| Performance Data | App performance monitoring | No | Google (Firebase Performance) |
| Purchase History | Subscription status management | Yes | Apple (StoreKit only — not shared with Google) |
Personal trip data synced via iCloud/CloudKit is stored exclusively in your private iCloud account and is never shared with Google or any other third party. Only collaborative (shared-trip) data flows through Firebase.
Data shared with Firebase is governed by Google's Privacy Policy. Google processes this data as a data processor on behalf of LukApp, in accordance with Google's Data Processing Terms, and not for Google's own purposes.
6. Sign in with Apple
Flyfy uses Sign in with Apple as its sole authentication method. When you sign in:
- You may choose to share your real email address or use Apple's private relay email service, which creates a unique, random email address that forwards to your real email.
- We receive and store your Apple User ID (a unique identifier), your display name, and your email address (real or relay).
- We do not receive or store your Apple ID password.
- You can revoke Flyfy's access to your Apple ID at any time through your Apple ID settings (Settings > [Your Name] > Sign-In & Security > Sign in with Apple).
- If you revoke access, you will no longer be able to sign into Flyfy, and your collaborative data may become inaccessible.
7. In-App Purchases and Subscriptions
Flyfy offers three subscription tiers:
- Free: Core features with no collaboration capabilities.
- Pro: Collaboration with up to 10 people per trip, 500 MB document storage per trip. Priced at $4.99/month or $29.99/year, with a 1-week free trial.
- Business: Unlimited collaborators, 2 GB document storage per trip. Priced at $19.99/month or $149.99/year.
All purchases and subscriptions are processed entirely by Apple through the App Store. We do not collect, process, or store any payment information such as credit card numbers, billing addresses, or banking details. We receive only your subscription status (tier and expiry date) to enable the appropriate features within the App.
Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current billing period. You can manage and cancel subscriptions through your App Store account settings. Refund requests must be directed to Apple.
8. Push Notifications
Flyfy uses Firebase Cloud Messaging (FCM) to deliver push notifications. These notifications may include:
- Trip invitations from other users
- Friend requests
- Updates to shared trips (new itinerary items, expenses, etc.)
- Badge and achievement unlocks
- Trip removal or departure notices
When you allow notifications, your Apple Push Notification service (APNs) device token is forwarded to Firebase Cloud Messaging. Your FCM token is stored in your Firestore user profile to enable notification delivery.
You can disable push notifications at any time through iOS Settings > Notifications > Flyfy. Disabling notifications does not affect other App functionality.
9. Data Retention
We retain your information for as long as your account is active and as necessary to provide you with the App's services.
- CloudKit data: Stored in your iCloud account for as long as you maintain your iCloud account. This data is under your control and subject to Apple's data retention policies.
- Firebase data: Collaborative data is retained while you are an active participant in shared trips. When you leave a shared trip, your access to that trip's data is removed, though the trip data may remain for other participants.
- Local data: Stored on your device until you delete the App or clear its data.
When you delete your account through the App (Profile > Settings > Delete Account), the following actions are taken:
- Your local SwiftData store is cleared.
- Your CloudKit zone data is queued for deletion from iCloud.
- Your Firestore user profile and associated collaborative data are deleted.
- Your friend connections and pending requests are removed.
- Your FCM notification token is invalidated.
Please note that some data may persist in iCloud backups or in other participants' shared trip data after account deletion. We cannot control data that has been included in other users' iCloud backups.
10. Data Security
We take the security of your personal information seriously and implement appropriate measures to protect it:
- CloudKit: All data transmitted to and from iCloud is encrypted in transit using TLS (Transport Layer Security). Data stored in iCloud is encrypted at rest by Apple. Apple manages the encryption keys.
- Firebase: Data transmitted to Firebase services is encrypted in transit using TLS. Data stored in Firestore, Realtime Database, and Firebase Storage is encrypted at rest by Google Cloud Platform.
- Local storage: Sensitive credentials (such as authentication tokens) are stored in the iOS Keychain, which provides hardware-backed encryption. No passwords are stored in plain text.
- Live location data: Real-time location beacons use Firebase Realtime Database with automatic on-disconnect cleanup, ensuring location data is removed when the user stops sharing or disconnects.
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing industry-standard protections.
11. Children's Privacy
Flyfy is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under this age.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information as promptly as possible. If you believe a child under 13 has provided us with personal information, please contact us at support@lukapp.ge.
12. Your Rights
12.1 For All Users
Regardless of your location, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your account and associated data.
- Withdraw consent for data processing where consent is the legal basis.
12.2 European Economic Area (GDPR)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate or incomplete data.
- Right to erasure: You may request deletion of your personal data ("right to be forgotten").
- Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing: You may request that we limit how we use your data.
- Right to object: You may object to certain types of data processing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
12.3 California (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know: You may request information about what personal data we collect, use, and disclose.
- Right to delete: You may request deletion of your personal data.
- Right to opt-out of sale: We do not sell personal information, so this right is already satisfied.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
12.4 Exercising Your Rights
To exercise any of your rights, please contact us at support@lukapp.ge. We will respond to your request within 30 days. We may need to verify your identity before processing your request. You may also delete your account directly through the App at Profile > Settings > Delete Account.
13. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence:
- CloudKit data is stored in Apple's data centres, which are located globally. Apple maintains appropriate safeguards for international data transfers in accordance with applicable laws.
- Firebase data is processed by Google and may be stored in Google Cloud Platform regions worldwide. Google maintains Standard Contractual Clauses and other mechanisms for lawful international data transfers.
By using Flyfy, you acknowledge that your data may be transferred internationally and processed in jurisdictions that may have different data protection laws than your home jurisdiction.
14. Third-Party Links
Flyfy may contain links to third-party websites, services, or content (such as destination information, blog posts, or external travel resources). We are not responsible for the privacy practices, content, or security of these third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with Flyfy.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by:
- Updating the "Last updated" date at the top of this policy.
- Including a notice in the App's update release notes.
- Sending an in-app notification for significant changes.
Your continued use of Flyfy after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Company: LukApp
- Location: Tbilisi, Georgia
- Email: support@lukapp.ge
We will make every effort to respond to your enquiry within 30 days.