Privacy Policy
Last updated: 22 February 2026
1. Introduction
SkyBurn (Pty) Ltd (“SkyBurn”, “we”, “us”, or “our”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and the regulations made thereunder.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights as a data subject. This policy applies to all personal information processed through our website (skyburn.cloud), booking platform, and related services.
2. Responsible Party
SkyBurn (Pty) Ltd is the “responsible party” as defined in POPIA, meaning we determine the purpose and means of processing your personal information.
Information Officer: Cornell Basson
Email: privacy@skyburn.cloud
Phone: +27 82 871 6471
Address: Cape Town, South Africa
3. Personal Information We Collect
We collect the following categories of personal information:
3.1 Information You Provide Directly
| Data Category | Specific Data |
|---|---|
| Identity information | First name, last name, ID/passport number (at check-in) |
| Contact information | Email address, phone number |
| Physical information | Body weight (for flight safety/load calculations) |
| Health information | Medical conditions, dietary notes (if voluntarily provided) |
| Emergency contact | Contact name and phone number |
| Biometric data | Photograph and face-match data (at check-in for identity verification) |
| Interest/enquiry data | Name, email, phone, seats wanted, preferred flights, messages |
3.2 Information Collected Automatically
| Data Category | Specific Data |
|---|---|
| Technical data | IP address, browser type, user agent, device information |
| Usage data | Pages visited, time on site, referral source (via Vercel Analytics) |
| Session data | Authentication tokens, session identifiers |
3.3 Information from Third Parties
We receive payment confirmation data (transaction IDs, payment status) from our payment processor, Peach Payments. We do not receive or store your full card number, CVV, or PIN.
4. Purpose of Processing
We process your personal information for the following specific, lawful purposes as required by Section 13 of POPIA:
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Process and manage your booking | Contract performance | Identity, contact, booking details |
| Flight safety and load calculations | Legitimate interest / legal obligation | Weight, medical conditions |
| Identity verification at check-in | Legitimate interest / aviation security | ID, photograph, face-match |
| Emergency contact in case of incident | Vital interest | Emergency contact details |
| Process payments | Contract performance | Transaction data (via Peach Payments) |
| Communicate booking updates, confirmations, and reminders | Contract performance / consent | Email, phone, notification preferences |
| Improve our services and website | Legitimate interest | Usage and technical data |
| Comply with legal and regulatory requirements | Legal obligation | As required by law |
5. Special Personal Information
POPIA classifies certain data as “special personal information” requiring additional protections. We process the following special personal information:
- Health information: Medical conditions and dietary notes, collected only where you voluntarily provide them for flight safety purposes. Processing is necessary to protect your vital interests (Section 27(1)(b) of POPIA).
- Biometric information: Photographs and face-match scores collected at check-in for identity verification. Processing is necessary for the establishment, exercise, or defence of a right (Section 27(1)(d) of POPIA) and for aviation security compliance.
By providing this information, you expressly consent to its processing for the stated purposes. You may withdraw consent at any time, but this may affect our ability to allow you to board.
6. Sharing of Personal Information
We share your personal information with the following third parties, only to the extent necessary:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Charter Operator(s) | Flight operations, safety, passenger manifest | Name, weight, ID, medical notes |
| Peach Payments | Payment processing | Name, email, payment details |
| Resend (email provider) | Sending booking confirmations and updates | Email address, name |
| Vercel | Website hosting and analytics | Anonymised usage data |
| SkyBurn Technologies Ltd | Technology platform provider | Anonymised operational data |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
7. Cross-Border Transfers
Some of our service providers (Vercel, Resend, SkyBurn Technologies Ltd) may process data outside of South Africa. In accordance with Section 72 of POPIA, we ensure that any cross-border transfer of personal information is to a jurisdiction with adequate data protection laws, or is subject to binding agreements that provide equivalent protection.
8. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described above:
| Data Type | Retention Period |
|---|---|
| Booking and transaction records | 5 years (Tax Administration Act requirements) |
| Account information | Duration of account + 1 year after deletion |
| Check-in biometric data | 30 days after the flight |
| Interest/waitlist data | Duration of the relevant event season + 30 days |
| Analytics data | Anonymised; retained indefinitely |
After the retention period, personal information is securely deleted or anonymised.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Secure authentication (password hashing with Argon2)
- Access controls limiting data access to authorised personnel
- Regular security reviews of our infrastructure
- PCI-DSS compliant payment processing through Peach Payments
- Secure hosting on Vercel with SOC 2 Type II compliance
Despite these measures, no method of electronic transmission or storage is 100% secure. If you become aware of any security breach, please notify us immediately at privacy@skyburn.cloud.
10. Your Rights as a Data Subject
Under POPIA, you have the following rights regarding your personal information:
- Right to access (Section 23): Request confirmation of whether we hold your personal information and obtain a copy.
- Right to correction (Section 24): Request that inaccurate or incomplete personal information be corrected or updated.
- Right to deletion (Section 24): Request deletion of your personal information where it is no longer necessary or where processing is unlawful.
- Right to object (Section 11(3)): Object to the processing of your personal information on reasonable grounds.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decisions (Section 71): You have the right not to be subject to a decision based solely on automated processing.
- Right to lodge a complaint: You may lodge a complaint with the Information Regulator (see Section 12 below).
To exercise any of these rights, contact our Information Officer at privacy@skyburn.cloud. We will respond to your request within 30 days as required by POPIA.
11. Cookies and Tracking
Our website uses essential cookies for authentication and session management. We use Vercel Analytics for anonymised, privacy-friendly website analytics that do not track individual users or use cookies for tracking purposes.
The Peach Payments checkout widget may set cookies necessary for secure payment processing. These are governed by Peach Payments’ privacy policy.
12. Complaints
If you believe your personal information has been processed unlawfully or that we have failed to comply with POPIA, you may:
- Contact our Information Officer at privacy@skyburn.cloud
- Lodge a complaint with the Information Regulator:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
PO Box 31533, Braamfontein, Johannesburg, 2017
Email: inforeg@justice.gov.za
Complaints: complaints.IR@justice.gov.za
13. Children’s Information
Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete it promptly. Minors must be accompanied by a parent or legal guardian who takes responsibility for the booking.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the website and/or by email. The “Last updated” date at the top of this policy indicates the most recent revision. Continued use of our services after changes are posted constitutes acceptance of the updated policy.
15. Contact Us
For any questions about this Privacy Policy or to exercise your data subject rights, contact:
Information Officer: Cornell Basson
SkyBurn (Pty) Ltd
Email: privacy@skyburn.cloud
Phone: +27 82 871 6471
Also see our Terms & Conditions for full booking and service terms.