Swiss charter platform. Worldwide reach.

Available for you 24/7

Privacy Policy

This Privacy Policy describes how IONA JETS collects, uses, stores, shares and protects personal data in connection with the use of the Platform, in accordance with the Swiss Federal Act on Data Protection (FADP/LPD) and, where applicable, the General Data Protection Regulation (GDPR).

Article 1. Data controller.

The data controller responsible for the processing of personal data collected through the Platform is:

Legal name: Dimitri Memleb

Trade name: IONA JETS

Email: contact@ionajets.com

Registered address: Cours des Bastions 13, 1205 Geneva, Switzerland

Article 2. Personal data collected.

2.1. Data provided directly by the User.

IONA JETS may collect the following personal data when you use the Platform, submit a Flight Request, create an account or contact us:

  • (a) Identity data: first name, last name, title;
  • (b) Contact data: email address, telephone number, WhatsApp number, postal address;
  • (c) Professional data: company name, job title, department, industry;
  • (d) Flight request data: departure and arrival locations, dates, times, passenger count, cargo specifications, special requirements, aircraft preferences;
  • (e) Account data: email address, password (encrypted), authentication preferences;
  • (f) Communication data: content of messages sent via forms, email, WhatsApp or telephone (recorded by automated system);
  • (g) Callback request data: telephone number submitted through the callback form on the Platform;
  • (h) Telephone call data: voice recordings and transcripts of calls made to IONA JETS telephone numbers. All calls are handled by an automated artificial intelligence assistant and are recorded. Callers are informed at the beginning of each call that the call is managed by AI and recorded, and may disconnect if they do not consent. Call recordings may be processed for quality assurance, AI training, compliance monitoring and dispute resolution;
  • (i) Comment data: first name, last name and comment content posted on Help Center pages, displayed publicly on the Platform;
  • (j) Billing data: company name, VAT identification number, billing address and country as provided in Flight Request forms;
  • (k) Client Portal messaging data: content of messages exchanged between Clients, Shared Users and Broker Partners through the Client Portal messaging system, including sender identity, recipient identity, date, time and associated Request and Proposal references;
  • (l) Shared access data: records of Users granted or removed from shared access to a Flight Request, including the identity of the User who performed the action, the identity of the User added or removed, and the date and time of the action;
  • (m) Proposal interaction data: records of Broker Partner Proposals submitted, accepted or declined through the Client Portal, including the identity of the User who accepted or declined a Proposal, the Broker Partner identity, the date and time of the action and the content of the Proposal;
  • (n) Audit log data: a comprehensive record of all actions performed within the Client Portal, including Request creation, Proposal submissions, Proposal acceptances and refusals, message transmissions, shared access grants and removals, and ownership transfers, together with the identity of the actor, the date and time of the action and a description of the action performed;
  • (o) Email notification data: when transactional email notifications are sent in connection with your flight requests (such as new proposals, proposal status updates, messages and request confirmations), the following data is transmitted to our email delivery service provider: your email address, your first name and the flight request reference number. No flight details, contact telephone numbers, billing information or message content are included in these transmissions.

2.2. Data collected automatically.

When you access the Platform, the following data may be collected automatically through cookies, analytics tools and server logs:

  • (a) Technical data: IP address, browser type and version, operating system, device type, screen resolution;
  • (b) Usage data: pages visited, time spent on pages, click patterns, referral source, navigation paths;
  • (c) Location data: approximate geographic location derived from IP address;
  • (d) Cookie data: as described in the Cookie Policy.

2.3. Data from third-party sources.

IONA JETS does not purchase, acquire or collect personal data from third-party data brokers, social media platforms or any other external source. Personal data is collected exclusively through direct interaction with the Platform and through the communication channels listed in Article 2.1.

Article 3. Purposes and legal bases for processing.

IONA JETS processes personal data for the following purposes and on the following legal bases:

  • (a) Reviewing and processing Flight Requests submitted via email or WhatsApp. When a Flight Request is submitted via email or WhatsApp, the personal data contained in the communication is reviewed by an IONA JETS agent to assess the completeness and relevance of the inquiry before being entered into the Platform on the Client's behalf. Data used: identity data, contact data, flight request data, communication data. Legal basis: performance of the service (processing is necessary to fulfill the Client's request) and legitimate interest (assessing the relevance and completeness of the inquiry before referral to Broker Partners).
  • (b) Managing Client Portal accounts and authentication. Data used: account data, email address. Legal basis: performance of the service;
  • (c) Communicating with Users about their Requests. Data used: contact data, communication data. Legal basis: performance of the service;
  • (d) Sending the monthly newsletter. Data used: email address. Legal basis: consent (opt-in);
  • (e) Processing callback requests. Data used: telephone number. Legal basis: consent (form submission);
  • (f) Improving the Platform and user experience. Data used: usage data, technical data. Legal basis: legitimate interest;
  • (g) Website analytics (Google Analytics). Data used: technical data, usage data, cookie data. Legal basis: consent (cookie banner);
  • (h) Compliance with legal obligations. Data used: all relevant data as required. Legal basis: legal obligation;
  • (i) Establishing, exercising or defending legal claims. Data used: all relevant data as required. Legal basis: legitimate interest;
  • (j) Displaying user comments on Help Center pages. Data used: first name, last name, comment content. Legal basis: consent (voluntary submission by the user);
  • (k) Facilitating the exchange of messages between Clients, Shared Users and Broker Partners through the Client Portal messaging system. Data used: messaging data, identity data, Proposal references. Legal basis: performance of the service / legitimate interest;
  • (l) Managing shared access to Flight Requests, including the addition and removal of Shared Users and the transfer of Request ownership. Data used: shared access data, identity data, email address. Legal basis: performance of the service / legitimate interest;
  • (m) Disclosing Client contact details to the selected Broker Partner upon acceptance of a Proposal. Data used: identity data, contact data, billing data. Legal basis: performance of the service (the disclosure is a necessary step in the referral process and is triggered by the explicit action of the Client or Shared User);
  • (n) Maintaining audit logs of all actions performed within the Client Portal for dispute resolution, compliance and platform integrity. Data used: audit log data. Legal basis: legitimate interest;
  • (o) Processing telephone call recordings for quality assurance, AI training and compliance. Data used: telephone call data (voice recordings and transcripts). Legal basis: consent (by remaining on the line after the notification) and legitimate interest (quality assurance and compliance);
  • (p) Sending transactional email notifications related to flight requests, proposals, messages and request status updates. Data used: email address, first name, flight request reference number. Legal basis: performance of the service / legitimate interest (ensuring Users are informed of activity related to their requests).

Article 4. Data sharing and recipients.

4.1. Broker Partners.

When you submit a Flight Request, the information contained in your Request (including flight details, dates, times, passenger count, cargo specifications and special requirements) is shared with the Broker Partner(s) to whom your Request is referred. Your contact details (name, email address, telephone number, company name, VAT identification number, billing address and country) are not shared with any Broker Partner until and unless you or a Shared User accepts a Proposal from that Broker Partner through the Client Portal. Upon acceptance, your contact details are disclosed to the selected Broker Partner to facilitate direct communication and the contracting process. The Client acknowledges that any personal information voluntarily included in Request details or in messages exchanged through the Client Portal may be visible to Broker Partners prior to acceptance and is beyond the control of IONA JETS.

Once data is shared with a Broker Partner, the Broker Partner processes it under their own privacy policy and data protection obligations. IONA JETS is not responsible for the data processing practices of Broker Partners.

4.1bis. Shared Users.

When a Client or Shared User grants shared access to a Flight Request, the invited User gains access to all information associated with that Request, including Request details, Broker Partner Proposals, attached documents, messaging history and the list of all Users currently associated with the Request (displayed by email address). The Client acknowledges that granting shared access constitutes a voluntary disclosure of Request-related information to the invited User. IONA JETS is not responsible for any use, disclosure or onward sharing of this information by Shared Users.

4.1ter. Email delivery service provider.

IONA JETS uses Resend (operated by Resend, Inc., based in the United States) as a third-party email delivery service to send transactional notifications related to your flight requests and Client Portal activity. Data transmitted to this provider is limited to your email address, first name and the contextual information necessary to deliver the notification (such as a flight request reference, a notification type and a timestamp). Resend processes this data solely for the purpose of delivering emails on behalf of IONA JETS and does not use it for any other purpose. For transfers of data to the United States, Resend relies on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable. For more information, refer to the Resend privacy policy at https://resend.com/legal/privacy-policy.

4.2. Service providers (sub-processors).

IONA JETS uses the following third-party service providers who may process personal data on our behalf to deliver the Platform. Each provider operates under a written data processing agreement and processes personal data only on documented instructions from IONA JETS.

  • (a) Netlify, Inc. Website hosting, edge content delivery, build and deployment infrastructure, serverless functions and form proxying. Personal data accessed: technical request data (IP address, user agent, requested URL) processed transiently for delivery, security and rate-limiting purposes; payloads of forms submitted through the Platform are forwarded to the IONA JETS Supabase backend without persistent storage on Netlify infrastructure. Location: United States, with global edge nodes. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable.
  • (b) Supabase Inc. Database (PostgreSQL), authentication, real-time messaging, file storage and serverless functions used by the IONA JETS Client Portal. Personal data processed: account credentials, Flight Request data, broker proposals, messages, attachments, audit logs, newsletter subscribers and consent records. Location: United States, with the IONA JETS production project hosted in a European Union region (Frankfurt, Germany) for primary data residency. Safeguards: Standard Contractual Clauses (SCCs); processing within the EEA for primary database operations.
  • (c) Google LLC (Google Analytics 4 and Google Tag Manager). Website analytics, usage measurement and tag delivery. Data processed only after user consent: pseudonymous user identifier, page paths viewed, events triggered, approximate (city-level) geographic location derived from IP address (the IP address itself is not retained in identifiable form). Location: United States, with EU regional processing for EEA traffic where supported. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework.
  • (d) Resend, Inc. Transactional email delivery for Client Portal notifications, contact form replies and newsletter delivery. Data transmitted: recipient email address, recipient first name where applicable, the body of the email and contextual references (such as a flight request identifier or a notification type). Location: United States. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable.
  • (e) WhatsApp (Meta Platforms Ireland Limited / Meta Platforms, Inc.). Optional communication channel made available through a click-to-chat link. Personal data is only transmitted to WhatsApp when a User actively chooses to initiate a conversation through the link. IONA JETS has no contract with WhatsApp regarding User-initiated conversations; the User's interaction with WhatsApp is governed solely by the WhatsApp privacy policy. Location: Ireland / United States. Safeguards: Standard Contractual Clauses (SCCs); EU-US Data Privacy Framework where applicable.

The list above is exhaustive at the date of last update of this Privacy Policy and reflects all sub-processors with persistent access to personal data. IONA JETS will update this list when sub-processors are added, replaced or removed. Material changes will be notified through the Platform.

4.3. No sale of personal data.

IONA JETS does not sell, rent, trade or otherwise commercially transfer personal data to any third party for marketing, advertising or any other purpose unrelated to the delivery of the referral service.

4.4. Legal and regulatory disclosure.

IONA JETS may disclose personal data where required by applicable law, regulation, legal process, court order or governmental request, or where necessary to establish, exercise or defend legal claims, protect the rights and safety of IONA JETS or third parties, or prevent fraud or other unlawful activity.

Article 5. International data transfers.

Personal data collected through the Platform may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), particularly in connection with the service providers listed in Article 4.2 and Broker Partners operating globally.

Where personal data is transferred to a country that does not provide an adequate level of data protection as determined by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission, IONA JETS ensures that appropriate safeguards are in place, including:

  • (a) Standard Contractual Clauses (SCCs) approved by the European Commission;
  • (b) The EU-US Data Privacy Framework (DPF) for transfers to certified US organizations;
  • (c) The Swiss-US Data Privacy Framework for transfers to certified US organizations;
  • (d) Any other legally recognized transfer mechanism applicable under the FADP or GDPR.

Article 6. Data retention.

IONA JETS retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following retention periods:

  • (a) Flight Request data: Retained for three (3) years from the date of the last interaction related to the Request, to support follow-up, dispute resolution and service improvement;
  • (b) Client Portal account data: Retained for as long as the account remains active. Upon account deletion, data is retained for a maximum of twelve (12) months for administrative and legal purposes, then permanently deleted;
  • (c) Newsletter subscription data: Retained until the subscriber unsubscribes, at which point the email address is deleted from the mailing list within thirty (30) days;
  • (d) Communication data: Retained for three (3) years from the date of the communication;
  • (e) Analytics data: Retained in accordance with Google Analytics data retention settings, currently set to fourteen (14) months;
  • (f) Callback request data: Retained for twelve (12) months from the date of the request;
  • (g) Comment data: Retained for as long as the comment remains published on the Platform. Upon user request for deletion, comments are removed within thirty (30) days. Upon account deletion, associated comments are anonymized or deleted within the same retention period applicable to account data;
  • (h) Client Portal messaging data: Retained for three (3) years from the date of the last message in the conversation, to support dispute resolution, compliance and audit requirements;
  • (i) Proposal data: Retained for three (3) years from the date of submission of the Proposal, including all attached documents, proposed dates, status changes and acceptance or refusal records;
  • (j) Shared access data: Retained for three (3) years from the date of the action (grant or removal of access), to support audit and dispute resolution;
  • (k) Audit log data: Retained for five (5) years from the date of the logged action, to support compliance, dispute resolution and legal obligations. Audit logs are immutable and cannot be modified or deleted by any User;
  • (l) Where personal data is referenced in an active audit log entry, such data may be retained for the duration of the audit log retention period, even if the standard retention period for that category of data has expired, to ensure the integrity and completeness of the audit trail;
  • (m) Telephone call recordings and transcripts: Retained for twelve (12) months from the date of the call for quality assurance and compliance purposes, then permanently deleted;
  • (n) Transactional email delivery logs: Retained by the email delivery service provider (Resend) for up to thirty (30) days for delivery monitoring and troubleshooting purposes, then automatically deleted.

At the end of the applicable retention period, personal data is permanently deleted or anonymized beyond the possibility of re-identification.

Article 7. Data security.

IONA JETS implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, loss, destruction or other unlawful processing. These measures include:

  • (a) Encryption of data in transit (TLS 1.2 or higher) on all Platform endpoints, with HTTP Strict Transport Security enforced at the edge;
  • (b) Encryption of data at rest within the Supabase backend (PostgreSQL) and the associated file storage buckets;
  • (c) Row-level security policies enforced at the database layer ensuring that each User can only access the data they are entitled to (own account data, own flight requests, own messages and own audit log entries);
  • (d) Role-based access controls within the Client Portal ensuring that Broker Partners can only access data related to their own Proposals and conversations, and that Client contact details are only disclosed upon acceptance of a Proposal;
  • (e) Bcrypt password hashing for stored credentials, time-limited bearer tokens for session continuity and short-lived signed URLs for file downloads;
  • (f) Edge-level security headers (Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) applied through the Netlify hosting infrastructure on every page response;
  • (g) Reliance on the certified security infrastructure provided by Netlify, Inc. (hosting and edge delivery) and Supabase Inc. (database, authentication, real-time and storage);
  • (h) Regular review of security practices, sub-processor compliance and dependency vulnerabilities;
  • (i) Immutable audit logging of all significant actions within the Client Portal to ensure traceability and accountability.

While IONA JETS takes reasonable measures to protect personal data, no method of electronic transmission or storage is completely secure. IONA JETS cannot guarantee absolute security and shall not be liable for any breach resulting from circumstances beyond its reasonable control.

Article 8. Rights of data subjects.

Under the FADP and, where applicable, the GDPR, you have the following rights regarding your personal data:

  • (a) Right of access: You have the right to obtain confirmation of whether your personal data is being processed and, if so, to receive a copy of that data along with information about the processing;
  • (b) Right to rectification: You have the right to request the correction of inaccurate personal data and the completion of incomplete data;
  • (c) Right to erasure: You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to any legal retention obligations;
  • (d) Right to restriction: You have the right to request the restriction of processing in certain circumstances, for example where you contest the accuracy of the data;
  • (e) Right to data portability: Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format;
  • (f) Right to object: You have the right to object at any time to the processing of your personal data based on our legitimate interests, on grounds relating to your particular situation. You also have the absolute right to object at any time to the processing of your data for direct marketing purposes (such as our newsletter);
  • (g) Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal;
  • (h) Right to lodge a complaint: You have the right to lodge a complaint with the FDPIC or, if applicable, with a supervisory authority in your country of habitual residence within the EEA.

Please note that the right to erasure is subject to limitations where data is contained in audit logs retained for compliance and dispute resolution purposes. In such cases, the data may be anonymized rather than deleted. Additionally, messages sent through the Client Portal messaging system may be retained for the benefit of other parties to the conversation even after your account is deleted, although your identity may be anonymized.

To exercise any of these rights, please contact IONA JETS at contact@ionajets.com or by post at Cours des Bastions 13, 1205 Geneva, Switzerland. IONA JETS will respond to your request within thirty (30) days. Identification verification may be required before processing your request. To easily object to direct marketing, you can simply click the unsubscribe link included in every newsletter. To withdraw or modify your cookie consent at any time, click the My Choices link in the footer of any page of the Platform; this reopens the cookie preferences panel where you can review and change your selections.

Article 8bis. Additional rights for California residents.

If you are a resident of the State of California, you have additional rights under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, CCPA/CPRA), in addition to or in conjunction with the rights set out in Article 8 above. The provisions of this Article 8bis apply only to California residents and supplement, but do not replace, the rights set out elsewhere in this Privacy Policy.

No sale or sharing of personal information. IONA JETS does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information of any consumer, including consumers under sixteen (16) years of age, in the twelve (12) months preceding the publication date of this Privacy Policy. Because IONA JETS does not sell or share personal information, no Do Not Sell or Share My Personal Information link is required or displayed on the Platform.

Categories of personal information collected. The categories of personal information collected by IONA JETS in the twelve months preceding publication of this Privacy Policy correspond to the categories defined in Article 2 of this Privacy Policy and, mapped to the CCPA/CPRA categories listed in Civil Code section 1798.140(v), include: identifiers (name, email, postal address, account identifiers); customer records (contact details, billing information); commercial information (records of flight requests and quotes received); internet or other electronic network activity (cookies, log data, device and browser information); and inferences drawn from such information solely to the limited extent necessary to operate the Platform. IONA JETS does not collect biometric, geolocation (beyond city-level for analytics), or sensitive personal information beyond what is strictly required to operate the Platform and respond to flight requests.

Specific California rights. Subject to verification of identity and the limitations set out under the CCPA/CPRA, California residents have the following rights:

  • (a) Right to know: the right to request that IONA JETS disclose the categories and specific pieces of personal information collected, the categories of sources from which the information was collected, the business or commercial purposes for collecting it and the categories of third parties to whom it has been disclosed;
  • (b) Right to delete: the right to request the deletion of personal information that IONA JETS has collected, subject to applicable legal exceptions;
  • (c) Right to correct: the right to request the correction of inaccurate personal information;
  • (d) Right to limit the use of sensitive personal information: the right to direct IONA JETS to limit the use of sensitive personal information to the purposes strictly necessary to provide the requested service;
  • (e) Right to non-discrimination: the right not to be subject to discrimination for exercising any of the above rights, meaning IONA JETS will not deny services, charge different prices or provide a different level of service in retaliation for the exercise of CCPA/CPRA rights.

How to exercise California rights. California residents may submit a verifiable consumer request by emailing contact@ionajets.com with the subject line California Privacy Request, or by writing to IONA JETS, Cours des Bastions 13, 1205 Geneva, Switzerland. IONA JETS will acknowledge receipt within ten (10) business days and respond substantively within forty-five (45) days, with one possible extension of forty-five days where reasonably necessary, in accordance with the CCPA/CPRA. To verify your identity, IONA JETS may ask you to confirm specific pieces of personal information already on file. You may designate an authorized agent to make a request on your behalf, provided the agent submits written proof of authorization and you verify your identity directly with IONA JETS. There is no fee for exercising these rights, except where requests are manifestly unfounded or excessive.

Global Privacy Control. The Platform recognizes and honors the Global Privacy Control browser signal as defined in the GPC specification. When a Global Privacy Control signal is detected, IONA JETS automatically treats the request as an opt-out from the sale or sharing of personal information for the duration of the browsing session and persists this preference in a first-party cookie. The cookie preferences panel displays a notice confirming that the Global Privacy Control signal has been detected and is being honored.

Article 8ter. Automated decision-making and profiling.

IONA JETS uses an automated artificial intelligence assistant to handle telephone calls, as described in the Terms and Conditions (Article 5bis). This system processes voice data to provide general information about the Platform and its services.

The AI assistant does not make any legally binding or similarly significant decisions about callers. It does not assess creditworthiness, evaluate eligibility for services, establish pricing, accept or reject flight requests, or produce any automated decision that has legal or equivalent effects on the caller.

The processing of telephone call data by the AI assistant is limited to providing conversational responses during the call, generating recordings and transcripts for quality assurance and compliance purposes, and routing callers to the appropriate written communication channels.

IONA JETS does not engage in profiling as defined under Article 22 of the GDPR or Article 21 of the FADP. No personal data collected through the Platform is used to evaluate, score, categorize or predict personal aspects of any individual.

If you have questions about the automated processing of your data, please contact us at contact@ionajets.com.

Article 9. Cookies and tracking technologies.

The Platform uses cookies, browser local storage and similar tracking technologies to provide functionality, secure the Client Portal, analyze usage and improve the user experience. The types of cookies and storage items used, their purposes and the options available to you for managing your preferences are described in detail in the IONA JETS Cookie Policy, which is accessible from every page of the Platform.

In particular, the Platform integrates Google Analytics 4 (GA4) and Google Tag Manager, both provided by Google LLC. GA4 does not log or store complete IP addresses; IP data is used for geolocation purposes during collection and is not retained in identifiable form. Information generated by GA4 cookies is transmitted to and stored by Google on servers which may be located outside Switzerland and the EEA, subject to the safeguards described in Article 5. The Platform implements Google Consent Mode v2 with all four consent parameters (analytics_storage, ad_storage, ad_user_data and ad_personalization), which means that Google tags only collect data after, and to the extent that, you have provided consent through the cookie banner.

You can manage your cookie preferences at any time by clicking the My Choices link in the footer of any page, or by visiting /my-choices directly. The Platform also recognizes and honors the Global Privacy Control (GPC) browser signal: when GPC is detected, advertising-related categories are automatically blocked regardless of any selection in the banner.

Article 10. Children's privacy.

The IONA JETS Platform is not directed at individuals under the age of eighteen (18). IONA JETS does not knowingly collect, process or store personal data from minors. If IONA JETS becomes aware that personal data has been collected from a minor without appropriate parental or guardian consent, the data will be deleted without undue delay. If you believe that personal data of a minor has been submitted to the Platform, please contact us immediately at contact@ionajets.com.

Article 11. Modifications to this Privacy Policy.

IONA JETS reserves the right to modify this Privacy Policy at any time. The most current version is always available on the Platform with the date of last update clearly indicated. Material changes will be communicated through a notice on the Platform and, where appropriate, by email to registered Users. Continued use of the Platform after any modification constitutes acceptance of the revised Privacy Policy.

Article 12. Contact and data protection inquiries.

For any question, request or complaint regarding this Privacy Policy, the processing of your personal data or the exercise of your rights as a data subject, please contact us at contact@ionajets.com or by post at IONA JETS, Cours des Bastions 13, 1205 Geneva, Switzerland.

Data controller: Dimitri Memleb, trading as IONA JETS.

Swiss supervisory authority - Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/

Last updated: April 25, 2026.