Privacy policy
How we collect, use and protect your personal information when you book with Winghoppers.
Last updated: 24 June 2026
At Winghoppers (“we”, “us”, “our”) your privacy matters. This Privacy Policy explains what personal information we collect when you use our website and our business and first class flight concierge service, how we use it, who we share it with, how long we keep it, and the rights you have. Winghoppers is the data controller for the personal information described here. If you have any questions, contact us at hello@winghoppers.com.
Information we collect
Information you give us
When you request a quote or contact us, we collect the details you submit:
- your name, email address and phone number;
- any message or preferences you include;
- your trip details: origin and destination, travel dates, cabin class and number of passengers.
We always process and store this information to handle your request — it does not depend on your cookie choices. We do not collect passport details, date of birth, or payment or credit-card information through this website. If you accept a quote, any details needed to issue a ticket are arranged with you directly afterwards.
Information we collect automatically
- Device and connection data: your IP address, browser and device type, and an approximate location derived from your IP address, processed to operate and secure the site and to handle your enquiry;
- First-party usage data (analytics consent only): the page you arrived on, the website or campaign that referred you (including UTM campaign tags), the pages you view, your visit count and time spent on the site. This is recorded in your browser’s session and local storage only after you accept analytics, uses no cookies, and is never shared for advertising;
- Advertising click identifiers (marketing consent only): identifiers such as
gclid,fbclid,ttclidandmsclkidare stored only after you accept marketing, to measure ad campaigns; - Analytics data: if you accept analytics cookies, Google Analytics 4 records how visitors use the site. We do not include your name, email or phone number in analytics events.
How we use your information, and our legal bases
Under the EU and UK GDPR we rely on the following legal bases:
- To handle your quote or enquiry and provide our concierge service — necessary to take steps at your request and to perform a contract (Art. 6(1)(b)). This applies regardless of your cookie choices;
- To secure our site, prevent spam and fraud, and keep the service working — our legitimate interests (Art. 6(1)(f));
- For analytics, first-party usage measurement, advertising identifiers and any marketing cookies — your consent (Art. 6(1)(a)), which you can withdraw at any time;
- To meet tax, accounting and other legal obligations — compliance with a legal obligation (Art. 6(1)(c)).
Cookies and similar technologies
When you first visit, a consent banner lets you accept all, reject optional cookies, or manage individual categories. In the EU, EEA and UK, optional categories (analytics and marketing) are off by default and can be rejected in a single click; in other regions they may be pre-selected, and you can deselect them before saving. Either way, submitting a quote or contact form always works regardless of your cookie choice. We use Basic Consent Mode: Google’s analytics tag is not loaded and no requests are sent to Google before you accept analytics. Essential, first-party storage needed to run the site and handle your enquiry is always active. You can change your choice at any time through the “Cookie settings” link in the footer, and your choice expires after 12 months.
| Name | Type | Purpose | Set when | Retention |
|---|---|---|---|---|
| wh_consent | Essential — cookie + local storage | Remembers your cookie choices | After you make a choice | Up to 12 months |
| wh-thank-you | Essential — session storage (no cookie) | Shows your confirmation on the thank-you page | On quote submit | End of browser session |
| wh-attribution | Analytics — session storage (no cookie) | First-party: referrer, landing page, campaign tags and page trail for this visit | Only after you accept analytics | End of browser session |
| wh-first-visit, wh-visit-count | Analytics — local storage (no cookie) | First-party: date of your first visit and visit count | Only after you accept analytics | Until you clear your browser storage or withdraw consent |
| wh-click-ids | Marketing — session storage (no cookie) | Advertising click identifiers (gclid/fbclid/ttclid/msclkid) | Only after you accept marketing | End of browser session |
| _ga, _ga_<id> | Analytics (Google Analytics 4) | Distinguishes visitors and measures site usage | Only after you accept analytics | Cookie up to 24 months; analytics data 14 months |
If you withdraw consent, we stop the relevant tracking and remove the related first-party storage. We do not currently serve personalized advertising; if we introduce it in the future, it will run only if you opt in through the marketing category, and we will update this policy first.
Who we share your information with
We share personal information only with service providers who process it on our behalf under appropriate data-protection terms:
- Vercel Inc. — website hosting and server logs (United States);
- Resend — sending your quote and confirmation emails (United States);
- Google — Google Analytics 4, only with your consent (United States).
To fulfil your request, your trip details may be shared with airline and ticketing partners. We may also disclose information where required by law. We do not sell your personal information.
These providers are located in the United States. Where personal data is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
How long we keep your information
- Quote and contact records: up to 7 years, to meet tax and accounting obligations;
- Analytics data: 14 months;
- Server logs: up to 30 days;
- Your cookie-consent record: up to 12 months;
- Session attribution data: cleared when your browser session ends or when you withdraw consent.
Your rights
If you are in the EEA or the UK, you have the right to access, correct, delete, restrict or object to the processing of your personal information, the right to data portability, and the right to withdraw consent at any time. You may also lodge a complaint with your local data-protection supervisory authority. To exercise any of these rights, email hello@winghoppers.com.
California privacy rights (CCPA / CPRA)
If you are a California resident: we do not sell or share your personal information for cross-context behavioral advertising. You have the right to know what we collect, to request deletion or correction, and not to be discriminated against for exercising your rights. To make a request, email hello@winghoppers.com.
Security
We use technical and organizational measures — including encryption in transit (HTTPS), access controls and form spam protection — to help protect your information. No method of transmission or storage is completely secure, but we work hard to safeguard your data.
Children
Our service is intended for adults. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected here with a new “Last updated” date.
Contact us
For any privacy question or request, email hello@winghoppers.com.


