One request, multiple quotes, plus cashback.

Here for you 24/7

Privacy Policy

This Privacy Policy describes how IONA JETS collects, uses, stores, shares and protects personal data in connection with the use of the Platform, in accordance with the Swiss Federal Act on Data Protection (FADP/LPD) and, where applicable, the General Data Protection Regulation (GDPR).

Article 1. Data controller.

The data controller responsible for the processing of personal data collected through the Platform is:

Legal name: Dimitri Memleb

Trade name: IONA JETS

Email: contact@ionajets.com

Registered address: Cours des Bastions 13, 1205 Geneva, Switzerland

Article 2. Personal data collected.

2.1. Data provided directly by the User.

IONA JETS may collect the following personal data when you use the Platform, submit a Flight Request, create an account or contact us:

  • (a) Identity data: first name, last name, title;
  • (b) Contact data: email address, telephone number, WhatsApp number, postal address;
  • (c) Professional data: company name, job title, department, industry;
  • (d) Flight request data: departure and arrival locations, dates, times, passenger count, cargo specifications, special requirements, aircraft preferences;
  • (e) Account data: email address, password (encrypted), authentication preferences;
  • (f) Communication data: content of messages sent via forms, email, WhatsApp or telephone (recorded by automated system);
  • (g) Callback request data: telephone number submitted through the callback form on the Platform;
  • (h) Telephone call data: voice recordings and transcripts of calls made to IONA JETS telephone numbers. All calls are handled by an automated artificial intelligence assistant and are recorded. Callers are informed at the beginning of each call that the call is managed by AI and recorded, and may disconnect if they do not consent. Call recordings may be processed for quality assurance, AI training, compliance monitoring and dispute resolution;
  • (i) Comment data: first name, last name and comment content posted on Help Center pages, displayed publicly on the Platform;
  • (j) Billing data: company name, VAT identification number, billing address and country as provided in Flight Request forms;
  • (k) Client Portal messaging data: content of messages exchanged between Clients, Shared Users and Broker Partners through the Client Portal messaging system, including sender identity, recipient identity, date, time and associated Request and Proposal references;
  • (l) Shared access data: records of Users granted or removed from shared access to a Flight Request, including the identity of the User who performed the action, the identity of the User added or removed, and the date and time of the action;
  • (m) Proposal interaction data: records of Broker Partner Proposals submitted, accepted or declined through the Client Portal, including the identity of the User who accepted or declined a Proposal, the Broker Partner identity, the date and time of the action and the content of the Proposal;
  • (n) Audit log data: a comprehensive record of all actions performed within the Client Portal, including Request creation, Proposal submissions, Proposal acceptances and refusals, message transmissions, shared access grants and removals, and ownership transfers, together with the identity of the actor, the date and time of the action and a description of the action performed;
  • (o) Email notification data: when transactional email notifications are sent in connection with your flight requests (such as new proposals, proposal status updates, messages and request confirmations), the following data is transmitted to our email delivery service provider: your email address, your first name and the flight request reference number. No flight details, contact telephone numbers, billing information or message content are included in these transmissions.
  • (p) Inquiry data: when you submit a question through the Let's talk form available on certain pages of the Platform, IONA JETS collects your email address, the content of your question and the URL and title of the page from which the inquiry was sent, together with the date and time of submission and the explicit consent recorded with the form. This data is used to respond to your inquiry by email.
  • (q) Account deletion request data: when you initiate the deletion of your Client Portal account, IONA JETS records the date of the request, the date scheduled for permanent processing (after the grace period), the optional reason you provide and, where applicable, the date on which you cancel the deletion request during the grace period. This data is processed for the sole purpose of giving effect to your right of erasure and for IONA JETS to evidence compliance with the corresponding legal obligation.
  • (r) Business subscription data: when you subscribe to IONA JETS Business, IONA JETS collects and processes the subscriber's name and email address, company name, billing address, VAT identification number where applicable, subscription status and invoicing records, together with the payment identifiers and metadata provided by the payment processor. Full payment card details are collected and stored exclusively by Stripe and never reach IONA JETS infrastructure.

2.2. Data collected automatically.

When you access the Platform, the following data may be collected automatically through cookies, analytics tools and server logs:

  • (a) Technical data: IP address, browser type and version, operating system, device type, screen resolution;
  • (b) Usage data: pages visited, time spent on pages, click patterns, referral source, navigation paths;
  • (c) Location data: approximate geographic location derived from IP address;
  • (d) Cookie data: as described in the Cookie Policy.

2.3. Data from third-party sources.

IONA JETS does not purchase, acquire or collect personal data from third-party data brokers, social media platforms or any other external source. Personal data is collected exclusively through direct interaction with the Platform and through the communication channels listed in Article 2.1.

2.4. Loyalty Program data.

If you choose to join the Cashback Loyalty Program, an optional benefit granted on request, we additionally process data relating to your membership: your loyalty status, your loyalty card number, the cumulative value of your completed flights, your cashback balance and the related ledger of credits and claims. Bank account details (account holder, IBAN and BIC) are collected only if and when you request a cashback payout, and solely to execute that transfer. This data is processed on the basis of the performance of the Loyalty Program terms that you have requested and accepted; it is retained for the duration of your membership, and payout records are retained for ten (10) years in accordance with applicable Swiss accounting obligations. The operation of the Program is further described in the Loyalty Program terms available on the Cashback Loyalty Program page.

Article 3. Purposes and legal bases for processing.

IONA JETS processes personal data for the following purposes and on the following legal bases:

  • (a) Reviewing and processing Flight Requests submitted via email or WhatsApp. When a Flight Request is submitted via email or WhatsApp, the personal data contained in the communication is reviewed by an IONA JETS agent to assess the completeness and relevance of the inquiry before being entered into the Platform on the Client's behalf. Data used: identity data, contact data, flight request data, communication data. Legal basis: performance of the service (processing is necessary to fulfill the Client's request) and legitimate interest (assessing the relevance and completeness of the inquiry before referral to Broker Partners).
  • (b) Managing Client Portal accounts and authentication. Data used: account data, email address. Legal basis: performance of the service;
  • (c) Communicating with Users about their Requests. Data used: contact data, communication data. Legal basis: performance of the service;
  • (d) Sending the monthly newsletter. Data used: email address. Legal basis: consent (opt-in);
  • (e) Processing callback requests. Data used: telephone number. Legal basis: consent (form submission);
  • (f) Improving the Platform and user experience. Data used: usage data, technical data. Legal basis: legitimate interest;
  • (g) Website analytics (Google Analytics). Data used: technical data, usage data, cookie data. Legal basis: consent (cookie banner);
  • (h) Compliance with legal obligations. Data used: all relevant data as required. Legal basis: legal obligation;
  • (i) Establishing, exercising or defending legal claims. Data used: all relevant data as required. Legal basis: legitimate interest;
  • (j) Displaying user comments on Help Center pages. Data used: first name, last name, comment content. Legal basis: consent (voluntary submission by the user);
  • (k) Facilitating the exchange of messages between Clients, Shared Users and Broker Partners through the Client Portal messaging system. Data used: messaging data, identity data, Proposal references. Legal basis: performance of the service / legitimate interest;
  • (l) Managing shared access to Flight Requests, including the addition and removal of Shared Users and the transfer of Request ownership. Data used: shared access data, identity data, email address. Legal basis: performance of the service / legitimate interest;
  • (m) Disclosing Client contact details to the selected Broker Partner upon acceptance of a Proposal. Data used: identity data, contact data, billing data. Legal basis: performance of the service (the disclosure is a necessary step in the referral process and is triggered by the explicit action of the Client or Shared User);
  • (n) Maintaining audit logs of all actions performed within the Client Portal for dispute resolution, compliance and platform integrity. Data used: audit log data. Legal basis: legitimate interest;
  • (o) Processing telephone call recordings for quality assurance, AI training and compliance. Data used: telephone call data (voice recordings and transcripts). Legal basis: consent (by remaining on the line after the notification) and legitimate interest (quality assurance and compliance);
  • (p) Sending transactional email notifications related to flight requests, proposals, messages and request status updates. Data used: email address, first name, flight request reference number. Legal basis: performance of the service / legitimate interest (ensuring Users are informed of activity related to their requests). Users may control the granularity of these notifications through the Notifications panel in their account, except for legally required communications which cannot be disabled.
  • (q) Responding to inquiries submitted through the Let's talk form. Data used: inquiry data. Legal basis: consent (form submission with explicit privacy policy agreement) and pre-contractual measures taken at the request of the data subject.
  • (r) Processing account deletion requests, applying the thirty-day grace period, anonymizing or deleting account data at the end of the grace period and demonstrating compliance with applicable data protection law. Data used: account deletion request data, audit log data. Legal basis: legal obligation (giving effect to the right of erasure under FADP and GDPR) and legitimate interest (evidencing compliance with that obligation).
  • (s) Managing IONA JETS Business subscriptions: processing subscription signups, payments, invoicing and renewals through the payment processor Stripe, and maintaining the related accounting records. Data used: Business subscription data. Legal basis: performance of the contract (provision of the subscribed service) and legal obligation (accounting and tax requirements).

Article 4. Data sharing and recipients.

4.1. Broker Partners.

When you submit a Flight Request, the information contained in your Request (including flight details, dates, times, passenger count, cargo specifications and special requirements) is shared with the Broker Partner(s) to whom your Request is referred. Your contact details (name, email address, telephone number, company name, VAT identification number, billing address and country) are not shared with any Broker Partner until and unless you or a Shared User accepts a Proposal from that Broker Partner through the Client Portal. Upon acceptance, your contact details are disclosed to the selected Broker Partner to facilitate direct communication and the contracting process. The Client acknowledges that any personal information voluntarily included in Request details or in messages exchanged through the Client Portal may be visible to Broker Partners prior to acceptance and is beyond the control of IONA JETS.

Once data is shared with a Broker Partner, the Broker Partner processes it under their own privacy policy and data protection obligations. IONA JETS is not responsible for the data processing practices of Broker Partners.

4.1bis. Shared Users.

When a Client or Shared User grants shared access to a Flight Request, the invited User gains access to all information associated with that Request, including Request details, Broker Partner Proposals, attached documents, messaging history and the list of all Users currently associated with the Request (displayed by email address). The Client acknowledges that granting shared access constitutes a voluntary disclosure of Request-related information to the invited User. IONA JETS is not responsible for any use, disclosure or onward sharing of this information by Shared Users.

4.2. Service providers (sub-processors).

IONA JETS uses the following third-party service providers who may process personal data on our behalf to deliver the Platform. Each provider operates under a written data processing agreement and processes personal data only on documented instructions from IONA JETS.

  • (a) Cloudflare, Inc. Website hosting, edge content delivery, DNS resolution, build and deployment infrastructure, edge functions, bot management and DDoS protection. Personal data accessed: technical request data (IP address, user agent, requested URL, TLS fingerprint) processed transiently for delivery, security and rate-limiting purposes; payloads of forms submitted through the Platform are forwarded to the IONA JETS Supabase backend without persistent storage on Cloudflare infrastructure. Location: United States, with global edge nodes (including European points of presence used in priority for European visitors). Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable.
  • (b) Supabase Inc. Database (PostgreSQL), authentication, real-time messaging, file storage and serverless functions used by the IONA JETS Client Portal. Personal data processed: account credentials, Flight Request data, broker proposals, messages, attachments, audit logs, newsletter subscribers and consent records. Location: United States, with the IONA JETS production project hosted in Switzerland (Zurich region) for primary data residency. Safeguards: Standard Contractual Clauses (SCCs); primary database operations take place within Switzerland, a country the European Commission recognizes as ensuring an adequate level of data protection.
  • (c) Google LLC (Google Analytics 4 and Google Tag Manager). Website analytics, usage measurement and tag delivery. Data processed only after user consent: pseudonymous user identifier, page paths viewed, events triggered, approximate (city-level) geographic location derived from IP address (the IP address itself is not retained in identifiable form). Location: United States, with EU regional processing for EEA traffic where supported. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework.
  • (d) Resend, Inc. Transactional email delivery for Client Portal notifications, contact form replies and newsletter delivery. Data transmitted: recipient email address, recipient first name where applicable, the body of the email and contextual references (such as a flight request identifier or a notification type). Location: United States. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable. Privacy policy: Resend privacy policy.
  • (e) WhatsApp (Meta Platforms Ireland Limited / Meta Platforms, Inc.). Optional communication channel made available through a click-to-chat link. Personal data is only transmitted to WhatsApp when a User actively chooses to initiate a conversation through the link. IONA JETS has no contract with WhatsApp regarding User-initiated conversations; the User's interaction with WhatsApp is governed solely by the WhatsApp privacy policy. Location: Ireland / United States. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable.
  • (f) Google LLC (Google Maps Platform). Display of interactive maps on destination pages. Loaded only after the User has activated the corresponding category in the cookie consent panel. Data transmitted upon loading: IP address, user agent, basic technical and device information, the geographic coordinates and zoom level of the requested map tiles. Google may set its own cookies (NID and similar) when the User loads a map. Location: United States, with European edge servers used for routing where available. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework. Users who do not wish to share data with Google Maps may simply leave the External Services category disabled in the cookie preferences panel.
  • (g) Stripe Payments Europe, Ltd. Payment processing, subscription billing and invoicing for the IONA JETS Business subscription. Personal data processed: cardholder name, email address, billing address, VAT identification number where applicable, payment card details (collected and stored exclusively by Stripe) and subscription and invoice metadata. Stripe acts as a processor for subscription management data and as an independent controller for the fraud prevention and regulatory compliance aspects of payment processing, under its own privacy policy. Location: Ireland (European Union), with certain processing by Stripe, Inc. (United States). Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable. Privacy: Stripe privacy policy.

The list above is exhaustive at the date of last update of this Privacy Policy and reflects all sub-processors with persistent access to personal data. IONA JETS will update this list when sub-processors are added, replaced or removed. Material changes will be notified through the Platform.

4.3. No sale of personal data.

IONA JETS does not sell, rent, trade or otherwise commercially transfer personal data to any third party for marketing, advertising or any other purpose unrelated to the delivery of the referral service.

4.4. Legal and regulatory disclosure.

IONA JETS may disclose personal data where required by applicable law, regulation, legal process, court order or governmental request, or where necessary to establish, exercise or defend legal claims, protect the rights and safety of IONA JETS or third parties, or prevent fraud or other unlawful activity.

Article 5. International data transfers.

Personal data collected through the Platform may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), particularly in connection with the service providers listed in Article 4.2 and Broker Partners operating globally.

Where personal data is transferred to a country that does not provide an adequate level of data protection as determined by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission, IONA JETS ensures that appropriate safeguards are in place, including:

  • (a) Standard Contractual Clauses (SCCs) approved by the European Commission;
  • (b) The EU-US Data Privacy Framework (DPF) for transfers to certified US organizations;
  • (c) The Swiss-US Data Privacy Framework for transfers to certified US organizations;
  • (d) Any other legally recognized transfer mechanism applicable under the FADP or GDPR.

Article 6. Data retention.

IONA JETS retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following retention periods:

  • (a) Flight Request data: Retained for three (3) years from the date of the last interaction related to the Request, to support follow-up, dispute resolution and service improvement;
  • (b) Client Portal account data and notification settings: Retained for as long as the account remains active. Upon receipt of a deletion request from the account holder (submitted through the My account panel or by email), the account enters a thirty (30) day grace period during which the User may cancel the deletion. At the end of the grace period: (i) if the User has no flight requests with an accepted broker proposal, the account and all associated data are permanently deleted within fifteen (15) days; (ii) if the User has one or more flight requests with an accepted broker proposal, identifying personal data (first name, last name, phone, company, country) is anonymized, while the records of the accepted transaction (flight request reference, dates, broker name, accepted proposal amount, audit log entries) are retained for ten (10) years from the year-end of the accepted transaction in compliance with the mandatory accounting record retention obligations under article 958f of the Swiss Code of Obligations. Once the ten-year period has expired, the residual records are permanently deleted;
  • (c) Newsletter subscription data: Retained until the subscriber unsubscribes, at which point the email address is deleted from the mailing list within thirty (30) days;
  • (d) Communication data: Retained for three (3) years from the date of the communication;
  • (e) Analytics data: Retained in accordance with Google Analytics data retention settings, currently set to fourteen (14) months;
  • (f) Callback request data: Retained for twelve (12) months from the date of the request;
  • (g) Comment data: Retained for as long as the comment remains published on the Platform. Upon user request for deletion, comments are removed within thirty (30) days. Upon account deletion, associated comments are anonymized or deleted within the same retention period applicable to account data;
  • (h) Client Portal messaging data: Retained for three (3) years from the date of the last message in the conversation, to support dispute resolution, compliance and audit requirements;
  • (i) Proposal data: Retained for three (3) years from the date of submission of the Proposal, including all attached documents, proposed dates, status changes and acceptance or refusal records;
  • (j) Shared access data: Retained for three (3) years from the date of the action (grant or removal of access), to support audit and dispute resolution;
  • (k) Audit log data: Retained for five (5) years from the date of the logged action, to support compliance, dispute resolution and legal obligations. Audit logs are immutable and cannot be modified or deleted by any User;
  • (l) Where personal data is referenced in an active audit log entry, such data may be retained for the duration of the audit log retention period, even if the standard retention period for that category of data has expired, to ensure the integrity and completeness of the audit trail;
  • (m) Telephone call recordings and transcripts: Retained for twelve (12) months from the date of the call for quality assurance and compliance purposes, then permanently deleted;
  • (n) Transactional email delivery logs: Retained by the email delivery service provider (Resend) for up to thirty (30) days for delivery monitoring and troubleshooting purposes, then automatically deleted.
  • (o) Inquiry data submitted through the Let's talk form: Retained for twenty-four (24) months from the date of the last interaction with the inquirer (initial submission or subsequent reply). At the end of this period, the inquiry record is permanently deleted. This duration reflects the principle of proportionality applicable under the Swiss Federal Act on Data Protection and the General Data Protection Regulation, aligned with the European supervisory practice of limiting the retention of unconverted prospect contact data to the period strictly necessary to manage the relationship;
  • (p) Account deletion request data: Records of completed deletion requests are retained as part of the audit log entries described in (k) for a duration of five (5) years from the date the deletion was processed, in order to evidence the lawful processing of the right of erasure. Pending requests canceled by the User during the grace period are retained for thirty (30) days after cancellation and then deleted.
  • (q) Business subscription and billing data: subscription account data is retained for the duration of the subscription. Invoices and transaction records are retained for ten (10) years from the year-end of the relevant transaction in compliance with the accounting record retention obligations under article 958f of the Swiss Code of Obligations, then permanently deleted.

At the end of the applicable retention period, personal data is permanently deleted or anonymized beyond the possibility of re-identification.

Article 7. Data security.

IONA JETS implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, loss, destruction or other unlawful processing. These measures include:

  • (a) Encryption of data in transit (TLS 1.2 or higher) on all Platform endpoints, with HTTP Strict Transport Security enforced at the edge;
  • (b) Encryption of data at rest within the Supabase backend (PostgreSQL) and the associated file storage buckets;
  • (c) Row-level security policies enforced at the database layer ensuring that each User can only access the data they are entitled to (own account data, own flight requests, own messages and own audit log entries);
  • (d) Role-based access controls within the Client Portal ensuring that Broker Partners can only access data related to their own Proposals and conversations, and that Client contact details are only disclosed upon acceptance of a Proposal;
  • (e) Bcrypt password hashing for stored credentials, time-limited bearer tokens for session continuity and short-lived signed URLs for file downloads;
  • (f) Edge-level security headers (Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Strict-Transport-Security with HSTS preload) applied through the Cloudflare hosting infrastructure on every page response;
  • (g) Reliance on the certified security infrastructure provided by Cloudflare, Inc. (hosting, edge delivery, bot management and DDoS protection) and Supabase Inc. (database, authentication, real-time and storage);
  • (h) Regular review of security practices, sub-processor compliance and dependency vulnerabilities;
  • (i) Immutable audit logging of all significant actions within the Client Portal to ensure traceability and accountability.

While IONA JETS takes reasonable measures to protect personal data, no method of electronic transmission or storage is completely secure. IONA JETS cannot guarantee absolute security and shall not be liable for any breach resulting from circumstances beyond its reasonable control.

Article 8. Rights of data subjects.

Under the FADP and, where applicable, the GDPR, you have the following rights regarding your personal data:

  • (a) Right of access: You have the right to obtain confirmation of whether your personal data is being processed and, if so, to receive a copy of that data along with information about the processing;
  • (b) Right to rectification: You have the right to request the correction of inaccurate personal data and the completion of incomplete data;
  • (c) Right to erasure: You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to any legal retention obligations;
  • (d) Right to restriction: You have the right to request the restriction of processing in certain circumstances, for example where you contest the accuracy of the data;
  • (e) Right to data portability: Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format;
  • (f) Right to object: You have the right to object at any time to the processing of your personal data based on our legitimate interests, on grounds relating to your particular situation. You also have the absolute right to object at any time to the processing of your data for direct marketing purposes (such as our newsletter);
  • (g) Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal;
  • (h) Right to lodge a complaint: You have the right to lodge a complaint with the FDPIC or, if applicable, with a supervisory authority in your country of habitual residence within the EEA.

Please note that the right to erasure is subject to limitations where data is contained in audit logs retained for compliance and dispute resolution purposes. In such cases, the data may be anonymized rather than deleted. Additionally, messages sent through the Client Portal messaging system may be retained for the benefit of other parties to the conversation even after your account is deleted, although your identity may be anonymized.

To exercise any of these rights, please contact IONA JETS at contact@ionajets.com or by post at Cours des Bastions 13, 1205 Geneva, Switzerland. IONA JETS will respond to your request within thirty (30) days. Identification verification may be required before processing your request. To easily object to direct marketing, you can simply click the unsubscribe link included in every newsletter. To withdraw or modify your cookie consent at any time, click the My Choices link in the footer of any page of the Platform; this reopens the cookie preferences panel where you can review and change your selections.

Self-service exercise of rights for registered Users. If you have a Client Portal account, you may exercise the rights of access and erasure directly from the My account panel without having to contact IONA JETS by email:

  • (a) Right of access (data portability): the Privacy tab provides a one-click button to download a complete export of the personal data associated with your account in a structured, commonly used and machine-readable format (JSON), including profile data, notification preferences, flight requests, broker proposals, messages sent and shared access records;
  • (b) Right of erasure: the Privacy tab provides a button to schedule the deletion of your account. Submitting a deletion request opens a thirty (30) day grace period during which the deletion can be canceled with a single click in the same panel. At the end of the grace period, your data is processed in accordance with Article 6.b of this Privacy Policy;
  • (c) Right of rectification: the Profile tab allows you to update your first name, last name, phone, company name and country at any time. Email address changes are handled through the Security tab with re-authentication;
  • (d) Cancellation of pending Flight Requests: the flight request detail page allows you to cancel any of your pending flight requests at any time before a broker proposal has been accepted, which immediately removes the request from broker visibility and stops any further processing of the data contained in the request.

The right to lodge a complaint with the FDPIC or another supervisory authority remains available regardless of whether you have used the self-service tools.

Article 8bis. Additional rights for California residents.

If you are a resident of the State of California, you have additional rights under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, CCPA/CPRA), in addition to or in conjunction with the rights set out in Article 8 above. The provisions of this Article 8bis apply only to California residents and supplement, but do not replace, the rights set out elsewhere in this Privacy Policy.

No sale or sharing of personal information. IONA JETS does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information of any consumer, including consumers under sixteen (16) years of age, in the twelve (12) months preceding the publication date of this Privacy Policy. Because IONA JETS does not sell or share personal information, no Do Not Sell or Share My Personal Information link is required or displayed on the Platform.

Categories of personal information collected. The categories of personal information collected by IONA JETS in the twelve months preceding publication of this Privacy Policy correspond to the categories defined in Article 2 of this Privacy Policy and, mapped to the CCPA/CPRA categories listed in Civil Code section 1798.140(v), include: identifiers (name, email, postal address, account identifiers); customer records (contact details, billing information); commercial information (records of flight requests and quotes received); internet or other electronic network activity (cookies, log data, device and browser information); and inferences drawn from such information solely to the limited extent necessary to operate the Platform. IONA JETS does not collect biometric, geolocation (beyond city-level for analytics), or sensitive personal information beyond what is strictly required to operate the Platform and respond to flight requests.

Specific California rights. Subject to verification of identity and the limitations set out under the CCPA/CPRA, California residents have the following rights:

  • (a) Right to know: the right to request that IONA JETS disclose the categories and specific pieces of personal information collected, the categories of sources from which the information was collected, the business or commercial purposes for collecting it and the categories of third parties to whom it has been disclosed;
  • (b) Right to delete: the right to request the deletion of personal information that IONA JETS has collected, subject to applicable legal exceptions, including in particular the mandatory accounting record retention obligations under article 958f of the Swiss Code of Obligations which require IONA JETS to retain records of completed transactions in anonymized form for ten (10) years (see Article 6.b of this Privacy Policy);
  • (c) Right to correct: the right to request the correction of inaccurate personal information;
  • (d) Right to limit the use of sensitive personal information: the right to direct IONA JETS to limit the use of sensitive personal information to the purposes strictly necessary to provide the requested service;
  • (e) Right to non-discrimination: the right not to be subject to discrimination for exercising any of the above rights, meaning IONA JETS will not deny services, charge different prices or provide a different level of service in retaliation for the exercise of CCPA/CPRA rights.

How to exercise California rights. California residents may submit a verifiable consumer request by emailing contact@ionajets.com with the subject line California Privacy Request, or by writing to IONA JETS, Cours des Bastions 13, 1205 Geneva, Switzerland. IONA JETS will acknowledge receipt within ten (10) business days and respond substantively within forty-five (45) days, with one possible extension of forty-five days where reasonably necessary, in accordance with the CCPA/CPRA. To verify your identity, IONA JETS may ask you to confirm specific pieces of personal information already on file. You may designate an authorized agent to make a request on your behalf, provided the agent submits written proof of authorization and you verify your identity directly with IONA JETS. There is no fee for exercising these rights, except where requests are manifestly unfounded or excessive.

Global Privacy Control. The Platform recognizes and honors the Global Privacy Control browser signal as defined in the GPC specification. When a Global Privacy Control signal is detected, IONA JETS automatically treats the request as an opt-out from the sale or sharing of personal information for the duration of the browsing session and persists this preference in a first-party cookie. The cookie preferences panel displays a notice confirming that the Global Privacy Control signal has been detected and is being honored.

Article 8ter. Automated decision-making and profiling.

IONA JETS uses an automated artificial intelligence assistant to handle telephone calls, as described in the Terms of Service (Article 5bis). This system processes voice data to provide general information about the Platform and its services.

The AI assistant does not make any legally binding or similarly significant decisions about callers. It does not assess creditworthiness, evaluate eligibility for services, establish pricing, accept or reject flight requests, or produce any automated decision that has legal or equivalent effects on the caller.

The processing of telephone call data by the AI assistant is limited to providing conversational responses during the call, generating recordings and transcripts for quality assurance and compliance purposes, and routing callers to the appropriate written communication channels.

IONA JETS does not engage in profiling as defined under Article 22 of the GDPR or Article 21 of the FADP. No personal data collected through the Platform is used to evaluate, score, categorize or predict personal aspects of any individual.

If you have questions about the automated processing of your data, please contact us at contact@ionajets.com.

Article 9. Cookies and tracking technologies.

The Platform uses cookies, browser local storage and similar tracking technologies to provide functionality, secure the Client Portal, analyze usage and improve the user experience. The types of cookies and storage items used, their purposes and the options available to you for managing your preferences are described in detail in the IONA JETS Cookie Policy, which is accessible from every page of the Platform.

In particular, the Platform integrates Google Analytics 4 (GA4) and Google Tag Manager, both provided by Google LLC. GA4 does not log or store complete IP addresses; IP data is used for geolocation purposes during collection and is not retained in identifiable form. Information generated by GA4 cookies is transmitted to and stored by Google on servers which may be located outside Switzerland and the EEA, subject to the safeguards described in Article 5. The Platform implements Google Consent Mode v2 with all four consent parameters (analytics_storage, ad_storage, ad_user_data and ad_personalization), which means that Google tags only collect data after, and to the extent that, you have provided consent through the cookie banner.

You can manage your cookie preferences at any time by clicking the My Choices link in the footer of any page, or by visiting /my-choices directly. The Platform also recognizes and honors the Global Privacy Control (GPC) browser signal: when GPC is detected, advertising-related categories are automatically blocked regardless of any selection in the banner.

Article 10. Children's privacy.

The IONA JETS Platform is not directed at individuals under the age of eighteen (18). IONA JETS does not knowingly collect, process or store personal data from minors. If IONA JETS becomes aware that personal data has been collected from a minor without appropriate parental or guardian consent, the data will be deleted without undue delay. If you believe that personal data of a minor has been submitted to the Platform, please contact us immediately at contact@ionajets.com.

Article 11. Modifications to this Privacy Policy.

IONA JETS reserves the right to modify this Privacy Policy at any time. The most current version is always available on the Platform with the date of last update clearly indicated. Material changes will be communicated through a notice on the Platform and, where appropriate, by email to registered Users. Continued use of the Platform after any modification constitutes acceptance of the revised Privacy Policy.

Article 12. Contact and data protection inquiries.

For any question, request or complaint regarding this Privacy Policy, the processing of your personal data or the exercise of your rights as a data subject, please contact us at contact@ionajets.com or by post at IONA JETS, Cours des Bastions 13, 1205 Geneva, Switzerland.

Data controller: Dimitri Memleb, trading as IONA JETS.

Swiss supervisory authority - Federal Data Protection and Information Commissioner (FDPIC): Swiss authority website

French supervisory authority - Commission Nationale de l'Informatique et des Libertés (CNIL): French authority website

Spanish supervisory authority - Spanish Data Protection Agency (AEPD): Spanish authority website

Last updated: June 10, 2026.