Skip to content

Privacy Policy

Dernière mise à jour : 5/13/2026

Privacy Policy

This Privacy Policy explains how Meetricks, LLC (hereinafter "Meetricks", "SkyEntry", "we", "us") collects, uses, shares and protects the personal data of users (hereinafter "you", "the User") of the website skyentry.co and the related services (the "Services").

It complements our Terms of Service, our Cookies Policy and our Refund Policy, and is itself complemented by a dedicated GDPR notice that restates the obligations specific to Regulation (EU) 2016/679.

---

1. Data Controller

The data controller within the meaning of Article 4 (7) of the General Data Protection Regulation ("GDPR") is:

> Meetricks, LLC > 1013 Centre Rd, Suite 403A > Wilmington, DE 19805 > United States of America > Trading as: SkyEntry — skyentry.co > Contact: contact@skyentry.co

Meetricks, LLC is a US-incorporated entity (State of Delaware). In line with the publisher's strategic choice, no representative within the European Union has been designated under Article 27 GDPR at this time. You may nevertheless exercise all your rights directly with us at contact@skyentry.co, which is the single point of contact for any request regarding your personal data.

No dedicated Data Protection Officer (DPO) has been appointed. GDPR-related requests are handled by Meetricks, LLC's management team, reachable at the same address.

---

2. Categories of Data We Collect

We follow a purpose-and-category approach. The seven categories below cover every type of personal data we may collect or process while operating the Services.

2.1 Identity Data

  • First name, last name
  • Date of birth (where required by the airport partner or the airline)
  • Title / salutation
  • Nationality (where required by the fast-track service)

    • 2.2 Contact Data

  • Email address
  • Phone number (mobile, used for service notifications and SMS confirmations)
  • Billing postal address, where applicable

    • 2.3 Transaction Data

  • Details of Services purchased (date, airport, terminal, booked time slot)
  • Subscription and payment history (amounts, currencies, dates)
  • Stripe transaction identifiers (token, payment intent)
  • Card details are not stored on our side: payment card information is collected and stored directly by Stripe, a payment processor certified PCI DSS Level 1

    • 2.4 Technical Data

  • IP address
  • Browser type, version and identifier
  • Operating system and device type
  • Pages visited, access date and time, session duration
  • Cookie and pixel identifiers (see Cookies Policy)

    • 2.5 Profile Data

  • Login credentials (email + password hashed using bcrypt — we never store passwords in clear text)
  • Language preferences (FR, EN, DE, ES, IT)
  • Notification preferences (email, SMS, browser push)
  • Pictures uploaded to your account (travel evidence, where applicable)

    • 2.6 Usage Data

  • Page interactions, clicks and user journey
  • Past, abandoned or cancelled bookings
  • Support tickets and messages exchanged with our support team and AI Helpdesk

    • 2.7 Marketing Data

  • Consents granted or withdrawn (newsletter, prospecting, product updates)
  • Campaign engagement (open and click rates)
  • Attribution sources (UTMs, referrals, affiliates)

    • 2.8 Travel Data (Service-specific)

    > Because the SkyEntry Service is by nature an airport fast-track Service, we process specific travel-related data that you provide to us or that we receive from our partner HighPass:

  • Travel document number and type (passport or national ID, depending on destination)
  • Document expiry date
  • Flight number and airline
  • Airport, terminal and chosen passing time slot
  • Booking status on the airport partner side (confirmed, no-show, supplier-failed)

This data is strictly necessary to perform the Service and is never used for commercial purposes. It is shared with the airport partner HighPass solely for the duration of the service delivery.

---

3. Legal Bases for Processing (Art. 6 GDPR)

Each processing operation relies on a clearly identified legal basis:

| Purpose | Legal basis | GDPR reference | |---|---|---| | Account creation and management | Performance of a contract | Art. 6 (1) (b) | | Booking, confirmation and execution of a fast-track | Performance of a contract | Art. 6 (1) (b) | | Charging, subscription and billing through Stripe | Performance of a contract | Art. 6 (1) (b) | | Storage of accounting records and invoices | Legal obligation | Art. 6 (1) (c) | | Security, fraud detection and logging | Legitimate interest | Art. 6 (1) (f) | | Aggregated analytics and Service improvement | Legitimate interest | Art. 6 (1) (f) | | Newsletter and email marketing | Consent | Art. 6 (1) (a) | | Non-exempt audience-measurement cookies | Consent | Art. 6 (1) (a) | | Replies to lawful requests from authorities | Legal obligation | Art. 6 (1) (c) |

When relying on legitimate interest, we have run a balancing test against your rights and freedoms, in line with Recital 47 of the GDPR. You may object to any legitimate-interest-based processing at any time (see § 8).

---

4. Sub-processors and Recipients of Your Data

In line with Article 28 GDPR, all our sub-processors are bound by contract. None of them processes your data on its own account beyond the service we entrust to it.

| Sub-processor | Purpose | Location | Transfer safeguard | |---|---|---|---| | Railway Corp. (548 Market St #95960, San Francisco CA 94104, USA) | Application and database hosting | United States (multi-region, at minimum `us-west2`) | EU-US Standard Contractual Clauses (SCCs) | | Stripe Payments Europe Ltd. | Payments, subscriptions, payment-method management | Ireland (EU) | Intra-EU processing — no transfer outside the EEA | | HighPass | Airport fast-track booking and execution (industry partner hosted on Microsoft Azure infrastructure) | European Union / United Kingdom — Azure hosting | EU-US SCCs where applicable | | Resend, Inc. | Transactional email delivery and inbound email webhook | United States | EU-US SCCs | | Anthropic, PBC | AI Helpdesk (customer support powered by Claude) | United States | EU-US SCCs and Data Processing Agreement (DPA) | | Twilio Inc. (where applicable) | SMS service notifications | United States | EU-US SCCs | | Upstash, Inc. | Rate limiting and transient Redis queue | United States / EU depending on region | EU-US SCCs where applicable | | Google LLC | Google OAuth, Google Analytics 4, Google Tag Manager, Google Wallet, Google Ads (conversion measurement) | United States | EU-US SCCs | | Apple Inc. | Apple Wallet pass generation | United States | EU-US SCCs | | Mozilla, Microsoft, Google (via Web Push VAPID) | Browser push notifications | United States and EU depending on browser | EU-US SCCs where applicable | | Discord, Inc. | Internal notification webhooks (payments, support) — never receives passenger data | United States | EU-US SCCs |

This list may evolve over time; any change will result in an update of this Policy and, where appropriate, an adequate notification.

---

5. International Data Transfers

Some of your data is transferred to countries outside the European Economic Area, in particular the United States (Railway hosting, Resend emails, Anthropic AI, Google Analytics, Apple Wallet, etc.).

These transfers are framed by the Standard Contractual Clauses adopted by the European Commission on 4 June 2021 (Implementing Decision (EU) 2021/914). When a sub-processor is certified under the EU-US Data Privacy Framework (e.g. Google, Stripe, Anthropic), we additionally rely on that certification.

> Key information. Meetricks, LLC is itself established in the United States. The very fact of using the Service implies a transfer of your data to the United States. By signing up or making a booking, you acknowledge this transfer. Without prejudice to mandatory provisions of the law of your country of residence, these transfers are made in strict compliance with Chapter V of the GDPR.

---

6. Retention Periods

| Data category | Retention period | Basis | |---|---|---| | Active customer account | Duration of the contractual relationship + 3 years after last contact | Commercial limitation period | | Booking and travel data (passport, flight, terminal, slot) | 6 months after the travel date, then deletion or anonymisation | Strictly necessary to deliver the service and post-travel support | | Invoices and accounting records | 10 years from the end of the financial year | Accounting and tax obligation | | Payment data (Stripe token) | Subscription duration + chargeback window (180 days) | Performance of the contract | | Cookies and technical identifiers | 13 months maximum | CNIL guidance (Resolution n° 2020-091) | | Marketing data (email prospects) | 3 years from last contact | CNIL guidance | | Connection and security logs | 1 year maximum | Article L.34-1 of the French Postal and Electronic Communications Code | | Support tickets and AI Helpdesk transcripts | 24 months | Service quality and continuous improvement | | GDPR requests (proof of exercise) | 5 years | Compliance evidence |

At the end of the retention period, data is securely deleted or irreversibly anonymised, except where a legal obligation requires otherwise.

---

7. Security

We implement appropriate technical and organisational measures to preserve the confidentiality, integrity and availability of your data:

  • TLS 1.2+ encryption of all communication between your browser and our servers
  • Password hashing with bcrypt (cost ≥ 10)
  • Restricted database access, limited to authorised team members and audit-logged
  • Regular encrypted backups
  • Periodic security testing and logging of administrative access
  • Stripe and HighPass are certified PCI DSS / ISO 27001 in line with industry standards

No system is fully impervious to risk; you acknowledge that transmitting data over the Internet involves a residual risk. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you under the conditions of Article 34 of the GDPR.

---

8. Your Rights (Art. 15 to 22 GDPR)

You may, at any time, exercise the following rights:

1. Right of access (Art. 15) — obtain confirmation as to whether or not your data is being processed and, where applicable, a copy of it. 2. Right to rectification (Art. 16) — have inaccurate or incomplete data corrected. 3. Right to erasure ("right to be forgotten", Art. 17) — request deletion of your data in the cases provided for by the GDPR. 4. Right to restriction of processing (Art. 18) — request the temporary suspension of a processing operation in case of dispute. 5. Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format, or have it transmitted directly to another controller. 6. Right to object (Art. 21) — object to a processing based on legitimate interest, in particular for direct marketing purposes. 7. Right to withdraw consent (Art. 7 §3) — for processing relying on consent, at any time and without justification. 8. Right concerning automated decisions (Art. 22) — not to be subject to a decision based solely on automated processing producing legal effects. As of today, no fully automated processing produces legal effects concerning you within our Services.

How to exercise your rights

Send your request by email to contact@skyentry.co, specifying:

  • the subject of your request;
  • a copy of an identity document if there is reasonable doubt about your identity (the document will be deleted as soon as the request has been processed).

    • We commit to reply within one month from receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of requests; we will inform you of any such extension.

    Lodging a complaint with a supervisory authority

    If you consider that the processing of your data does not comply with the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

  • In France: the Commission Nationale de l'Informatique et des Libertés (CNIL) — [cnil.fr/plaintes](https://www.cnil.fr/plaintes), 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
  • In other EU Member States: the data protection authority of your place of residence or work
  • Full list: [edpb.europa.eu](https://edpb.europa.eu/about-edpb/about-edpb/members_en)

---

9. Minors

The Services are intended for adults only (18 years and over). We do not knowingly collect any data relating to persons under the age of 15. If you believe a child has provided us with personal data without the consent of a parent or legal guardian, please contact us at contact@skyentry.co: we will delete the data as soon as possible.

When a minor is included as a passenger in a booking made by an adult account holder, the adult warrants that they hold parental authority and have collected the necessary consents.

---

10. Cookies and Trackers

Our use of cookies and trackers is described in detail in our [Cookies Policy](/cookies). You can change your preferences at any time via the consent banner or the "Manage my cookies" link in the footer.

---

11. Automated Decisions and Profiling

We do not carry out solely automated decision-making producing legal effects concerning you or significantly affecting you. Our AI Helpdesk (powered by Anthropic's Claude) handles first-line support enquiries; any impactful decision (complex refund, escalation) is reviewed and validated by a human Meetricks, LLC operator.

---

12. Governing Law

Without prejudice to Regulation (EU) 2016/679 and to mandatory provisions of the law of your country of residence, this Privacy Policy is governed by the laws of the State of Delaware (USA). The courts of Delaware have jurisdiction over any dispute relating hereto, subject to mandatory consumer-law provisions applicable to consumers in the European Union.

---

13. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical or operational changes. Any material change will be notified to you by email or via a banner on the Site, with reasonable notice before its entry into force. The applicable version is always the one published on skyentry.co/privacy at the time of the relevant processing.

---

14. Contact

For any question relating to this Policy or your personal data:

> Meetricks, LLC > 1013 Centre Rd, Suite 403A, Wilmington, DE 19805, USA > Email: contact@skyentry.co

---

Reference document — Version 1.0 — Updated: 25 April 2026 This Policy is published in French, English, German, Spanish and Italian. In case of divergence in interpretation, the French and English versions prevail.