Privacy Policy
On this page
- Who we are
- What information we collect
- How we use your information
- Legal bases for processing
- Who we share information with
- International data transfers
- Data retention
- How we secure your information
- Your privacy rights
- Region-specific rights (Canada, EU/UK, USA)
- Cookies and tracking
- Children's privacy
- Changes to this policy
- How to contact us
1. Who we are
This Privacy Policy explains how Sky Bites Inc. ("Sky Bites", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our private jet catering services, our website at skybites.ca, our client portal, our concierge phone, email, and messaging channels, and our delivery services to fixed-base operators ("FBOs") around the world.
Sky Bites Inc. is a federally incorporated Canadian company registered in the Province of Ontario, with principal offices in Toronto, Ontario, Canada. For privacy matters we act as a "data controller" (or, where applicable, a "business" or "data fiduciary") for the personal information described in this policy.
2. What information we collect
We collect only what we need to deliver private jet catering, run the client portal, invoice properly, and provide a 24/7 concierge. Specifically:
2.1 Information you give us directly
- Account information: name, role (executive assistant, charter broker, flight attendant, pilot, operator, principal), company, work email, phone, time zone, and chosen password (stored hashed).
- Flight briefing information: tail number, aircraft type and galley size, departure FBO and arrival FBO, departure date and time, number of passengers, principal name (where you choose to share it), passenger preferences, allergies, dietary restrictions (halal, kosher, vegan, etc.), beverage preferences, and free-text notes.
- Payment and billing information: billing address, billing contact, payment method details (we use a PCI-DSS-compliant payment processor; we do not store full card numbers ourselves), purchase orders, and invoicing preferences.
- Communications: the content of your emails, portal messages, SMS, and recorded concierge phone calls (where lawful and on notice).
2.2 Information we collect automatically
- Device and usage data: IP address, browser and device type, operating system, referrer URL, pages viewed, session timestamps, and basic interaction events.
- Cookies and similar technologies: as described in our Cookie Policy.
- Service telemetry: delivery timestamps, FBO handoff times, photographed chain-of-custody, and basic audit logs.
2.3 Information from third parties
We may receive information about you from culinary partners, FBO ground handlers, charter operators, or your colleagues (for example, an executive assistant placing an order on behalf of a principal). We rely on those parties to have authority to share the information with us.
3. How we use your information
We use personal information for the following purposes:
- To deliver the catering you order — sourcing the food, coordinating with culinary partners and FBOs, packaging for galley fit, and delivering to the aircraft.
- To operate, maintain, and secure the Sky Bites client portal and concierge channels.
- To invoice, collect payment, and comply with tax and accounting rules.
- To support you — answering questions, troubleshooting, sending order confirmations, allergen statements, and packing slips.
- To improve our service — analysing what selections clients request, which FBOs we operate at most, and where to expand.
- To send service messages (order status, schedule changes, account updates). We do not send marketing email without an explicit opt-in.
- To comply with legal obligations, respond to lawful requests, enforce our Terms of Service, and protect our rights, property, and the safety of clients and staff.
4. Legal bases for processing
Where Canadian privacy law applies (including the federal Personal Information Protection and Electronic Documents Act, "PIPEDA"), we rely on your consent (express or implied based on the context of the service you've requested) and on the legitimate need to deliver a service you've actively asked us to perform.
For clients located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation ("GDPR") and equivalent laws:
- Performance of a contract — to provide the catering and portal you've requested.
- Legitimate interests — to run, secure, and improve our service, prevent fraud, and protect our business and our clients.
- Legal obligation — to meet tax, accounting, food-safety, and other regulatory duties.
- Consent — for optional marketing, optional cookies, and where consent is required by local law.
5. Who we share information with
We share personal information only with the parties needed to deliver your service or to meet a legal obligation:
- Culinary partners — the restaurants, kitchens, patisseries, and private chefs sourcing the food. They receive only what's needed (e.g., "kosher tasting menu for 4, no shellfish, delivery 4 PM").
- FBO ground handlers and ground transport providers — receive aircraft tail number, FBO, delivery time, and contact for the receiving crew.
- Payment processor — for processing card transactions and wire payments.
- Cloud and software vendors — secure hosting, portal, email, SMS, analytics. We hold each to confidentiality and security obligations.
- Professional advisors — lawyers, accountants, and auditors under confidentiality.
- Authorities and law enforcement — when required by law, court order, or to protect health and safety.
- In a corporate transaction — if Sky Bites is acquired, merged, restructured, or sells assets, personal information may be transferred to the acquirer, under continuing privacy protections.
We do not sell your personal information. We do not share it for behavioural advertising, and we do not allow third parties to use Sky Bites data for their own marketing.
6. International data transfers
Sky Bites is headquartered in Canada and operates worldwide. Your information may be processed in Canada, the United States, the European Union, the United Kingdom, and other countries where our vendors operate. Where required, we put in place appropriate safeguards (such as the EU Standard Contractual Clauses or the UK International Data Transfer Addendum) to protect personal information when it is transferred internationally.
7. Data retention
We retain personal information for as long as needed to provide the service, comply with our legal obligations (typically seven years for tax and accounting records in Canada), resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymise it. You can ask us to delete your account at any time (subject to legal retention duties — see Section 9).
8. How we secure your information
We use industry-standard safeguards including encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, role-based access controls, two-factor authentication on internal systems, audit logging, and regular security reviews. No system is perfectly secure; if you believe your account has been compromised, please contact us at security@skybites.ca immediately.
9. Your privacy rights
Subject to local law, you have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or out-of-date.
- Delete personal information (subject to limits where we must keep it for legal reasons).
- Withdraw consent where we rely on consent.
- Object to certain processing or request a restriction.
- Receive a portable copy of the information you provided to us.
- Lodge a complaint with your local privacy regulator.
To exercise any right, email privacy@skybites.ca. We respond within 30 days (or sooner where local law requires).
10. Region-specific rights
10.1 Canada (PIPEDA & provincial laws)
You may file a complaint about our handling of your personal information with the Office of the Privacy Commissioner of Canada at priv.gc.ca. Residents of Quebec, Alberta, and British Columbia have additional rights under provincial laws and may contact their provincial commissioner.
10.2 European Economic Area, United Kingdom, Switzerland (GDPR)
You have the rights described above and may also lodge a complaint with your national data protection authority. For UK residents, that is the Information Commissioner's Office (ico.org.uk).
10.3 United States — California, Virginia, Colorado, Connecticut, Utah, and others
Residents of California (under the CCPA/CPRA) and certain other US states have rights to know, delete, correct, and opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising. Sky Bites does not sell personal information and does not share it for cross-context behavioural advertising. To exercise other rights, email privacy@skybites.ca.
11. Cookies and tracking
See our separate Cookie Policy for details on the cookies and similar technologies we use, and how to control them.
12. Children's privacy
Sky Bites is a business-to-business service for private aviation. It is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with information, contact privacy@skybites.ca and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we'll notify clients through the portal or by email and update the "Last updated" date at the top of this page. Continued use of our services after the update means you accept the revised policy.
14. How to contact us
Sky Bites Inc.
Privacy Officer
Toronto, Ontario, Canada
Email: privacy@skybites.ca
General: concierge@skybites.ca
Phone: +1 (416) 999-0000