Skip to content

Privacy Policy

Last updated: 30 June 2026

1. Who we are

Klaimly is a flight delay compensation service operated by Zaki ("we", "us", "our"). We are the data controller responsible for your personal data.

Contact: privacy@klaimly.co.uk

2. What data we collect

We collect the following categories of personal data:

  • Identity data: full name as it appears on your booking
  • Contact data: email address, phone number (optional)
  • Flight data: flight number, airline, departure and arrival airports, date of travel, booking reference
  • Disruption data: type of disruption, delay duration, description of events
  • Verification data: a one-time code sent to your email to confirm it belongs to you, deleted automatically once used or after 10 minutes
  • E-signature: your electronic signature on the Letter of Authority authorising us to act on your behalf
  • Technical data: IP address, browser type, device information, cookies (see our Cookie Policy)

3. Why we collect it and our legal basis

To process your compensation claim

Legal basis: Performance of a contract. We need your data to fulfil our agreement to pursue your claim.

To communicate with you about your claim

Legal basis: Performance of a contract. Status updates, requests for information, and payment notifications.

To submit your claim to the airline or enforcement body

Legal basis: Performance of a contract. We share relevant claim details with the airline to pursue your compensation.

To improve our service

Legal basis: Legitimate interest. Anonymous usage data helps us improve the claims process.

To send you marketing communications

Legal basis: Consent. Only if you have explicitly opted in. You can unsubscribe at any time.

4. Who we share your data with

We only share your data where necessary to process your claim or operate our service:

  • Airlines: to file and pursue your compensation claim
  • National enforcement bodies: if your claim is escalated
  • Supabase: database hosting (EU region, encrypted at rest, restricted to our servers only)
  • Resend: transactional email delivery (verification codes and claim updates)
  • AeroDataBox (via RapidAPI): your flight number and travel date may be sent to verify flight status and delay times. No other personal data is shared with this provider.
  • Vercel: website hosting

We never collect or store payment card details. Compensation is paid to you directly by the airline, and our 5% fee is settled by bank transfer or payment link from an emailed invoice, never through this website.

We do not sell your personal data to any third party. Ever.

5. International transfers

Some of our service providers are based outside the UK/EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the provider is certified under an adequate framework.

6. How long we keep your data

We retain your personal data for the following periods:

  • Active claims: for the duration of the claim plus 12 months
  • Completed claims: 6 years from the date of the flight (matching the EU261 limitation period)
  • Marketing preferences: until you withdraw consent
  • Technical logs: 90 days

After these periods, your data is securely deleted or anonymised.

7. Your rights

Under UK GDPR and EU GDPR, you have the following rights:

Access

Request a copy of the personal data we hold about you

Rectification

Ask us to correct inaccurate or incomplete data

Erasure

Ask us to delete your data (where legally possible)

Restriction

Ask us to limit how we use your data

Portability

Receive your data in a structured, machine-readable format

Objection

Object to processing based on legitimate interest

Withdraw consent

Withdraw consent at any time where consent is the legal basis

Complaint

Lodge a complaint with the ICO (UK) or relevant supervisory authority

To exercise any of these rights, email us at privacy@klaimly.co.uk. We will respond within 30 days.

8. Security

We take the security of your data seriously. We use encryption in transit (TLS/SSL), encryption at rest, access controls, and regular security reviews. Your claim data is stored in a database that only our own servers can access directly; it is never exposed to the public internet.

9. Children

Our service is not directed at anyone under 18. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The "last updated" date at the top of this page indicates when the policy was last revised.