Privacy policy
This policy describes how Navifare AG ("zerolook", "we", "us") handles personal data in connection with our website, the zerolook flight search API, and our business operations.
1. Summary
zerolook is a B2B service. Our customers are businesses — not consumers. We process limited personal data: business contacts who reach out to us, employees of customer organizations who use the API, and minimal technical data needed to operate the service. We do not sell personal data and we do not run advertising on our properties.
2. Data controller
The data controller for personal data described in this policy is Navifare AG, a Swiss corporation registered in Risch-Rotkreuz, Switzerland. You can reach our privacy team at dpo@navifare.com.
3. What we collect
Contact & account data
When you contact us, request access, or sign up as a customer, we collect: name, work email, employer, role, country, and the content of your message. If you become a customer, we additionally collect billing contact information.
Service data
When customers call the API, we log: the API key used, the search inputs (origin, destination, dates, cabin, passenger counts), timestamps, response codes, and aggregate latency. Search inputs are not by themselves personal data, but may be associated with a customer organization.
Website data
We use minimal first-party telemetry to understand site performance. Data collected: page URL, referrer, viewport size, broad geographic region (country level), and a randomized session identifier. We do not use third-party advertising trackers.
4. Purposes & legal bases
| Purpose | Legal basis (GDPR / FADP) |
|---|---|
| Respond to inbound enquiries; manage commercial relationships. | Legitimate interest; performance of a contract. |
| Provide and operate the API; bill for usage. | Performance of a contract. |
| Improve the service, including training the prediction model on aggregated, de-identified data. | Legitimate interest. |
| Comply with legal, accounting, and tax obligations. | Legal obligation. |
| Send occasional product updates to existing customers. | Legitimate interest; opt-out at any time. |
5. Sharing
We share personal data only with:
- service providers acting under our instructions (cloud infrastructure, billing, email delivery, helpdesk);
- professional advisors (legal, accounting, audit) under duty of confidentiality;
- authorities where required by law.
We share personal data only when there is a demonstrable operational or legal need; we do not share it routinely.
We do not sell personal data, and we do not share it for cross-context behavioral advertising.
6. Retention
We retain contact and account data for the duration of the commercial relationship plus seven (7) years for accounting purposes. API request logs are retained for ninety (90) days in raw form, after which they are aggregated and de-identified. Website telemetry is retained for thirty (30) days.
7. International transfers
zerolook is based in Switzerland. Some of our service providers operate in the European Economic Area, the United Kingdom, and the United States. Where personal data is transferred outside Switzerland, we rely on the European Commission's Standard Contractual Clauses (or equivalent Swiss FDPIC mechanisms) and adopt supplementary technical measures including encryption in transit and at rest.
8. Your rights
Depending on where you are located, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing based on legitimate interests. To exercise any of these rights, email dpo@navifare.com. We will respond within thirty (30) days.
You also have the right to lodge a complaint with a supervisory authority — for Switzerland, the Federal Data Protection and Information Commissioner (FDPIC); for EU residents, your local data protection authority.
9. Security
We protect personal data with industry-standard technical and organizational measures. No system is perfectly secure, but we work hard to keep yours so. Report a suspected vulnerability to security@navifare.com.
10. Cookies
Our website uses one strictly necessary first-party cookie to remember session preferences and detect bot traffic. We do not set advertising or cross-site tracking cookies. Most browsers let you refuse or delete cookies; doing so may limit some functionality but will not prevent you from using the site.
11. Changes to this policy
We may update this policy as the service evolves or to reflect legal developments. Material changes will be communicated by email to customers and posted at the top of this page with a new effective date.
12. Contact
Questions about this policy or your data? Email dpo@navifare.com or write to:
Navifare AG · Privacy
Zug, Switzerland