Privacy Policy

Last updated: February 20, 2026

LUX Services LLC ("Company," "we," "our," "us") operates the Business Class Signal platform at businessclasssignal.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. By using the Service, you consent to the practices described in this policy. If you do not agree with this policy, you must not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address, display name, and password when you create an account.
  • Watchlist preferences: Origin and destination airports, travel dates, target prices, cabin class, and other search preferences you configure.
  • Billing information: Payment details are collected and processed directly by our payment processor, Stripe, Inc. We do not store your credit card numbers, bank account details, or other financial information on our servers. We receive only a record of your subscription status, plan type, and transaction history from Stripe.
  • Referral data: If you participate in our referral program, we collect your referral code, the number of users you've referred, and their subscription status (anonymized). We do not share the identity of referred users with referrers.
  • Communications: Information you provide when contacting our support team, including email content and any attachments.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, scan history, alert interactions, and timestamps.
  • Device and browser data: IP address, browser type, operating system, device type, screen resolution, and referring URLs.
  • Server logs: Our hosting provider (Vercel) automatically collects server access logs including IP addresses, request timestamps, URLs accessed, and HTTP response codes. These logs are used for security monitoring, error diagnosis, and performance optimization.
  • Cookies: We use essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. See Section 6 for details.

1.3 Information We Do Not Collect

  • We do not collect or store credit card numbers or bank account details.
  • We do not collect precise geolocation data (GPS coordinates).
  • We do not collect biometric data.
  • We do not use advertising trackers, social media pixels, or behavioral targeting technologies.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including scanning for flight prices and sending deal alerts.
  • Process your subscription payments and manage your account.
  • Send transactional emails (account verification, password resets, deal alerts, first scan results, subscription confirmations).
  • Respond to your inquiries and support requests.
  • Monitor and analyze usage patterns to improve performance, reliability, and user experience.
  • Detect, prevent, and address fraud, abuse, security threats, and technical issues.
  • Generate aggregate, anonymized statistics about Service usage (see Section 5).
  • Comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We share your data only in the following limited circumstances:

  • Payment processing: Stripe, Inc. processes your payment information under its own privacy policy. When you make a payment, Stripe may also collect certain data directly from your browser or device, including your IP address, device identifiers, browser type, and behavioral signals, for fraud detection and prevention purposes. Stripe collects and processes this data under its own privacy policy. We do not have access to or control over the data Stripe collects directly.
  • Infrastructure providers: We use Vercel (hosting and serverless functions), Supabase (database and authentication), and Resend (transactional email delivery). These providers process data on our behalf under data processing agreements and are contractually obligated to protect it.
  • Flight data providers: To scan flight prices, we send search queries containing your watchlist parameters (airports, dates, cabin class) to third-party flight data APIs. These queries do not include your name, email, account information, or any other personally identifiable information. The data providers receive only the search parameters necessary to return fare data.
  • Legal requirements: We may disclose information if required by law, regulation, subpoena, legal process, or governmental request, or to protect the rights, property, or safety of our Company, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, user data may be transferred as part of that transaction. We will make reasonable efforts to notify you before your information becomes subject to a different privacy policy.
  • With your consent: We may share information with your explicit consent for purposes not described here.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account.
  • Scan and alert history: Retained for the duration of your subscription to provide price history and trend data. Upon account deletion, this data is deleted or anonymized.
  • Billing records: Retained as required by tax and accounting regulations (typically 7 years). These records are maintained by Stripe and may persist beyond account deletion as required by law.
  • Server logs: Automatically purged after 90 days.
  • Support communications: Retained for up to 2 years after resolution for quality assurance and dispute resolution purposes.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as billing records and fraud prevention). Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely.

5. Aggregate & Anonymized Data

We may create aggregate, de-identified, or anonymized data from your personal information and other users' information by removing information that makes the data personally identifiable to you. We may use such aggregate or anonymized data for any lawful purpose, including but not limited to analyzing usage trends, improving the Service, and creating industry reports. This data cannot be used to re-identify you and is not subject to the restrictions of this Privacy Policy.

6. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without losing core functionality.
  • Preference cookies: Remember your settings and preferences (e.g., billing period toggle, display preferences).

We do not use advertising cookies, social media tracking pixels, third-party analytics cookies, or cross-site tracking technologies. You can manage cookies through your browser settings, though disabling essential cookies may prevent you from using the Service.

7. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. As there is currently no industry-wide standard for recognizing or responding to DNT signals, we do not currently respond to them. However, as described in this policy, we do not engage in cross-site tracking or serve targeted advertising, regardless of any DNT signal setting.

8. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/SSL), encrypted database storage, secure authentication via Supabase Auth, and role-based access controls. Payment data is handled entirely by Stripe, which is PCI-DSS Level 1 certified.

However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorized access.

9. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will take reasonable steps to notify affected users via email within 72 hours of becoming aware of the breach, where feasible, and will comply with all applicable data breach notification laws. We will also take immediate steps to investigate and remediate the breach, mitigate potential harm, and cooperate with relevant authorities as required.

10. Third-Party Links & Services

The Service may contain links to third-party websites and services, including but not limited to Google Flights, airline websites, and other booking platforms. These links are provided for your convenience and reference. We have no control over and assume no responsibility for the content, privacy policies, data practices, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit. Your interactions with those platforms are governed solely by their respective terms and privacy policies.

11. Email Communications

We may send you the following types of email communications:

  • Transactional emails: Account verification, password resets, subscription confirmations, and billing receipts. These are essential to the Service and cannot be opted out of while your account is active.
  • Deal alerts: Price drop notifications based on your watchlist settings. You can enable or disable these at any time from your account settings.
  • First scan results: A one-time summary email after your watchlist's initial scan completes.
  • Route briefings: Daily or weekly market briefings for each of your watchlists, with deal scores and booking advice. You can configure the frequency from your watchlist settings.
  • Service updates: Important notices about changes to our Service, Terms, or Privacy Policy. These are sent infrequently and only when necessary.

We do not send marketing emails, newsletters, or promotional offers. You will not receive unsolicited commercial email from us. All email communications are delivered through Resend, our transactional email provider.

12. Your Rights

12.1 All Users

Regardless of your location, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Delete your account and associated personal data via account settings or by contacting us.
  • Opt out of non-essential communications (you can disable email alerts in your account settings).
  • Export your data in a portable format upon request.

To exercise any of these rights, contact us at support@businessclasssignal.com. We will respond to verified requests within 30 days.

12.2 European Economic Area (EEA) Residents — GDPR

If you are located in the EEA, you have additional rights under the General Data Protection Regulation:

  • Right to restrict processing of your personal data.
  • Right to object to processing based on legitimate interests.
  • Right to data portability in a structured, commonly used, machine-readable format.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint with your local data protection authority.

Our legal bases for processing are: (a) performance of our contract with you (providing the Service); (b) your consent (email alerts); and (c) legitimate interests (security, fraud prevention, Service improvement).

12.3 California Residents — CCPA / CPRA

Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have the right to:

  • Know what personal information is collected, used, shared, or sold.
  • Request deletion of personal information.
  • Request correction of inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • Limit the use of sensitive personal information. We do not collect sensitive personal information as defined under CPRA.
  • Non-discrimination for exercising your privacy rights.

13. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and service providers are located. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country whose data protection laws may differ from those in your jurisdiction. By using the Service, you consent to such transfers. For EEA residents, we rely on Standard Contractual Clauses and our processors' data processing agreements to ensure adequate protection of transferred data.

14. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at support@businessclasssignal.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes that materially affect your rights, we may also send an email notification to the address associated with your account. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. If you do not agree with the revised policy, you must stop using the Service and delete your account.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

LUX Services LLC

8 The Green, STE R, Dover, DE 19901

Email: support@businessclasssignal.com