FlightMoneyBack.eu
Check your claim
AVG / GDPR

Privacy policy

Last updated: 12 juni 2026

Data controller

Twilper (trading as FlightMoneyBack.eu), sole proprietorship registered at Merelstraat 64, 8916 AX Leeuwarden, KvK 98440217, VAT NL005332508B94. Contact: privacy@flightmoneyback.eu.

What data do we process?

  • Identification: first and last name, date of birth, nationality;
  • Contact: email, phone number, postal address;
  • Financial: IBAN + account holder name (solely for payout identification);
  • Flight data: flight number, date, route, PNR booking reference, ticket class, delay facts;
  • Audit: IP address and timestamp of authorisation agreement (legal evidence).

Purposes

  1. Assessing whether EU261 applies to the flight and calculating the claim amount;
  2. Preparing and sending the claim letter to the airline;
  3. Tracking deadlines, formal notice, escalation to regulator and court;
  4. Invoicing the commission via Stripe;
  5. Complying with statutory record-keeping obligations (VAT, KvK).

Legal basis

Processing is based on:

  • Performance of a contract (Art. 6(1)(b) GDPR) - executing the claim service you requested;
  • Legal obligation (Art. 6(1)(c) GDPR) - fiscal administration;
  • Legitimate interest (Art. 6(1)(f) GDPR) - IP logging for fraud prevention and legal evidence.

Who do we share your data with?

  • Airline: claim letter including name, IBAN, flight data and proof of authorisation;
  • Stripe: for invoice sending and payment processing - Stripe is a GDPR-compliant processor;
  • Resend: email sending (transactional) - processor with SCCs;
  • Aerodatabox / RapidAPI: flight number + date only (no personal data) for flight status verification;
  • DeepSeek (AI): flight data and claim context for letter generation - we explicitly share no personal data, only aggregates;
  • Regulator (ILT): upon escalation due to airline refusal;
  • Cantonal court: in judicial proceedings;
  • Tax authorities: VAT administration via Twilper sole proprietorship.

We never sell your data to third parties for marketing purposes.

Retention periods

  • Open and ongoing claims: up to 3 years after settlement (EU261 limitation period);
  • Financial administration: 7 years (statutory fiscal obligation);
  • Magic-link tokens: maximum 24 hours after issuance;
  • Inactive accounts without claims: deleted after 12 months of inactivity upon request.

Your rights

Under the GDPR, you have the right to:

  • Access to your personal data (Art. 15);
  • Rectification of inaccurate data (Art. 16);
  • Erasure ('right to be forgotten', Art. 17) - except data required for an ongoing claim or fiscal obligation;
  • Restriction of processing (Art. 18);
  • Object to processing (Art. 21);
  • Data portability (Art. 20).

Requests can be sent to privacy@flightmoneyback.eu. We will respond within 30 days. Complaint about our handling of personal data? You can report it to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP).

Cookies

FlightMoneyBack.eu only uses functional cookies (session cookie for login). No tracking, marketing or analytics cookies. No cookie wall or consent banner required under EU ePrivacy.

Security

Personal data is stored encrypted (TLS in transit, encryption-at-rest on managed Postgres). Passwords are hashed with bcrypt. Access is limited to authorised admin of Twilper sole proprietorship.