Privacy Policy

FlyEthio (Ethio Travel Services LLC) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (flyethio.com), mobile application (com.flyethio.app), and related services. By using our platform or making a booking, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use our services. This policy applies to residents of the United States and international users and is designed to comply with applicable data protection laws including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), General Data Protection Regulation (GDPR) for EU/UK residents, and other applicable international standards.

We do not sell your personal information to third parties. We share your data only as described below. 4.1 Global Distribution Systems (GDS) and Airlines To complete a flight booking we are required to transmit your personal data — including full name, date of birth, passport number, passport expiry date, issuing country, and contact details — to: • Airlines operating your flight(s) • Amadeus IT Group S.A. (Global Distribution System) • Sabre Corporation (Global Distribution System) • Travelport (Global Distribution System) These companies process your data under their own privacy policies and as data processors on behalf of the relevant airline. Their policies are available on their respective websites. 4.2 Payment Processors Your billing details are shared with our PCI-DSS compliant payment processors solely to process your transaction. FlyEthio does not store or have access to your full card number. 4.3 Service Providers We work with trusted vendors for website hosting, cloud infrastructure, email delivery, analytics, and customer support. All vendors are contractually bound to keep your information confidential. 4.4 Legal Requirements We may disclose your information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of FlyEthio, our users, or the public. 4.5 Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website at least 30 days in advance.

We retain your personal information for as long as necessary to: • Maintain your account and provide our services • Comply with legal and regulatory requirements (typically 7 years for financial records) • Resolve disputes and enforce agreements Booking records are retained for a minimum of 3 years from the travel date for accounting and compliance purposes. If you request account deletion, we will remove your personal data within 30 days, subject to legal retention requirements.

FlyEthio implements industry-standard security measures to protect your personal information: • SSL/TLS encryption for all data transmitted to and from our website • Secure server infrastructure with access controls and monitoring • Password hashing using bcrypt or equivalent algorithms • Regular security audits and vulnerability assessments • Limited employee access to personal data on a need-to-know basis However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

We use cookies and similar tracking technologies to enhance your browsing experience: • Essential Cookies: Required for website functionality (session management, security). Cannot be disabled. • Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics). You may opt out via your browser settings or our Cookie Settings panel. • Preference Cookies: Remember your settings and preferences (currency, language, saved searches). • Marketing Cookies: Used to deliver relevant advertisements. You can opt out via our Cookie Settings. For a full list of cookies and to manage your preferences, see our Cookie Policy at /cookies.

FlyEthio's services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@flyethio.com and we will delete such information promptly.

FlyEthio is based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the United States and other countries where our service providers operate. When we transfer personal data internationally, we implement appropriate safeguards including standard contractual clauses or rely on adequacy decisions. By using our services, you consent to such transfers.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last Updated" date. For material changes, we will notify you via email or a prominent notice on our website at least 14 days before the change takes effect.

For privacy-related questions, concerns, or to exercise your rights, contact us: FlyEthio — Privacy Team Email: info@flyethio.com Phone (US): 888-576-2854 Phone (Ethiopia): +251 911 062 651 We aim to respond to all privacy inquiries within 30 days.