MYSTES

Privacy Policy

Last updated: January 2026

1. Introduction

MYSTES ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information.

2. Information We Collect

2.1 Account Information

  • Email address (required)
  • Name (optional)
  • Password (stored securely hashed)
  • Preferred language and currency settings

2.2 Transaction Data

  • Payment records (transaction IDs, amounts)
  • Deal access history
  • Booking attempts (we do not store airline booking details)

2.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Usage patterns and preferences

3. How We Use Your Information

We use your data to:

  • Provide and improve our Service
  • Verify payments and unlock deal access
  • Send service notifications and price alerts (if opted in)
  • Prevent fraud and abuse
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: For hosting, analytics, and email services
  • Legal authorities: When required by law or to protect our rights

When you access airline websites through our proxy, the airline's own privacy policy applies to data you provide to them.

5. Payment Processing

Payments are processed securely via Stripe and MoonPay. We only store the minimum transaction data needed to verify payments.

6. Data Retention

  • Account data: Retained while your account is active, deleted upon request
  • Transaction records: Retained for 7 years for legal compliance
  • Technical logs: Retained for 90 days

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account (except transaction records required by law)
  • Export your data
  • Opt out of marketing communications

8. Security

We implement industry-standard security measures including:

  • Password hashing with bcrypt
  • HTTPS encryption for all connections
  • CSRF protection
  • Rate limiting to prevent abuse

9. Cookies

We use essential cookies for:

  • Session management
  • Authentication
  • Security (CSRF tokens)

We do not use tracking or advertising cookies.

10. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service.

13. Contact

For privacy inquiries, contact us at privacy@mystes.app

MYSTES CONCIERGE