Privacy Policy

Last updated 14 June 2026

This policy is a starting template and should be reviewed by a qualified adviser before you rely on it. Replace the placeholder company details with your registered information.

This policy explains how OMOX Ltd(“flyWilco”, “we”, “us”) collects and uses personal data when you use our website and the flyWilco booking application (the “Service”). We are the data controller for the personal data described below, in accordance with the UK GDPR and the Data Protection Act 2018.

1. The data we collect

Account & organisation data: your name, email, phone number, the name of your school or group, and your home aerodrome.
Member & booking data you enter: details of your members, aircraft and bookings. Where you add other people’s information, you are responsible for having a lawful basis to do so.
Payment data: handled by Stripe. We do not store card numbers; we hold a Stripe customer/subscription identifier and your plan status.
Technical & usage data: IP address, device/browser information and basic interaction data, used to keep the Service secure and working.

2. How and why we use it

To provide the Service and your account (legal basis: performance of a contract).
To take payment for paid plans (contract; legal obligation for tax records).
To send transactional emails: confirmations, invitations, password resets, booking and renewal notices (contract / legitimate interests).
To keep the Service secure, prevent abuse and improve it (legitimate interests).
With your consent, to measure website usage via analytics.

3. Sub-processors we share data with

We use a small number of trusted providers to run the Service:

Supabase: database, authentication and hosting (EU / London region).
Stripe: payment processing.
Mailgun: sending transactional email.
Cloudflare: security, DNS and content delivery.
NOAA / Aviation Weather Center: weather data (no personal data is sent).

We do not sell your personal data.

4. Where your data is stored

Your application data is stored in the EU (London region). Some providers (e.g. Stripe, Cloudflare) may process limited data outside the UK/EU under appropriate safeguards such as Standard Contractual Clauses.

5. Cookies

We use strictly necessary cookies to keep you signed in and secure. If you consent, we also use analytics (via a tag manager) to understand how the site is used. You can control non-essential cookies through your browser.

6. Retention

We keep your data for as long as your account is active. You can delete members (and their data) at any time, and we delete or anonymise account data within a reasonable period after you close your account, except where we must keep records (e.g. for tax).

7. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise any of these, contact us at [email protected]. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).

8. Children

The Service is not directed at children under 16, and we do not knowingly collect their data.

9. Changes

We may update this policy from time to time; the “last updated” date above shows when. Material changes will be notified in the app or by email.

10. Contact

Questions or data requests: [email protected] · OMOX Ltd, 124 City Road, London, EC1V 2NX.