Effective date: July 24, 2025Entity responsible (Controller): Zero-GravityX Ltd. ("Zero-GravityX", "we", "our", "us")

Zero-GravityX respects your privacy. This Privacy Policy explains what personal information we collect when you use www.zerogravityx.com, our subdomains, portals (including trainee areas), and related services (collectively, the "Services"), how we use it, who we share it with, and the rights you may have.

 

1) Quick Summary ("At a Glance")

What we collect: Identifiers (name, email, phone), account data, payment info, flight/reservation data, medical declarations for flight participants, device & analytics data, marketing preferences, and content you choose to share.

Why: To run our website, process reservations and purchases, comply with aviation safety standards, personalize experiences, conduct analytics/marketing, and meet legal obligations.

Sharing: With service providers (e.g., payment, analytics, marketing), regulators (when required), and business transferees (e.g., M&A). We do not sell your data in the traditional sense; however, certain ad/analytics uses may be considered a "sale" or "share" under the CPRA and other US state privacy laws-you can opt out.

Choices: Manage cookies, opt out of marketing, and (where applicable) exercise access, deletion, correction, portability, opt-out of targeted advertising, and "Do Not Sell or Share" rights.

Security & retention: We apply industry-standard safeguards and retain data only as long as needed for the purposes described (or as legally required).

International transfers: We use approved transfer mechanisms (e.g., EU-US Data Privacy Framework, SCCs) where required.

Contact: privacy@zerogravityx.com (Data Protection Officer / Privacy Team)

 

2) Scope & Who This Policy Covers

This Policy applies to personal information we process about:

Website visitors

Account holders / purchasers

Flight participants (including presale and general-admission programs)

Business contacts, vendors, and partners

Job applicants

If you are part of a research campaign or corporate charter, additional contractual terms may also apply.

 

3) The Information We Collect

3.1 Information you provide directly

Identifiers & contact details: name, email, phone number, address, government ID (for flight check-in).

Account & transactional data: login credentials, reservation details, order history.

Payment data: limited payment card details (processed by PCI-compliant providers; we generally receive tokens/confirmations, not full card data).

Medical & health declarations (flight programs only): information you provide to ensure you are fit to fly (we are not a HIPAA "covered entity", but we treat this segment as sensitive).

Marketing preferences & communications: your opt-in/opt-out settings, communications you send us.

Content: forms, surveys, support requests, or media you upload.

3.2 Information collected automatically

Device & usage data: IP address, device identifiers, browser type, OS, referring URLs, pages viewed, links clicked, session timestamps.

Cookies & similar technologies: session cookies, analytics cookies, advertising/retargeting pixels. (See Section 9 - Cookies & Tracking.)

3.3 Information from third parties

Payment processors, analytics providers, ad networks

Identity & fraud-prevention services

Public sources & social platforms (if you interact with us there)

 

4) Why We Use Your Information (Purposes & Legal Bases)

Purpose Examples Legal Bases (GDPR/UK GDPR)

Provide Services & fulfill contracts Process reservations, manage presale refunds, trainee portal access Contract performance

Safety, compliance & aviation operations Verify identity, medical declarations, comply with FAA/Part 121 & other regulations Legal obligation; legitimate interests

Payments & fraud prevention Payment processing, chargeback handling, anti-fraud screening Contract; legitimate interests

Customer support & communications Respond to inquiries, flight updates, operational notices Contract; legitimate interests

Marketing & personalization Email campaigns, retargeting, promotions, look-alike audiences (where permitted) Consent (where required); legitimate interests

Analytics & service improvement Usage stats, A/B testing, user experience enhancement Legitimate interests

Legal defense & risk management Enforce our terms, defend claims, audits Legitimate interests; legal obligation

Where consent is required (e.g., certain cookies, marketing to EU/UK residents), we will request it and allow you to withdraw at any time.

 

5) How & With Whom We Share Information

We may share personal information with:

Service providers / processors (e.g., hosting, CRM, ticketing, payment, analytics, email marketing). We contractually require them to protect your data and use it only per our instructions.

Advertising & analytics partners (subject to applicable opt-outs).

Regulators, public authorities, or safety agencies where legally required or necessary for safety/operational compliance.

Professional advisors (legal, auditors, insurers).

Business transferees in case of a merger, acquisition, or asset sale.

We do not sell your personal information for money. Certain cross-context behavioral advertising / targeted advertising may be deemed a "sale" or "share" under CPRA and emerging US state privacy laws-see Section 10 for how to opt-out.

 

6) International Data Transfers

We operate globally. Where required by law (e.g., GDPR/UK GDPR), we rely on:

EU-US Data Privacy Framework, UK Extension, Swiss-US DPF (where applicable);

Standard Contractual Clauses (SCCs) and any required transfer impact assessments; and/or

Other legally recognized transfer mechanisms.

 

7) Retention

We retain personal information:

For as long as necessary for the purpose(s) outlined in this Policy;

As required by law (e.g., aviation, tax, accounting);

For the statute of limitations to defend or bring legal claims.

We apply internal retention schedules and delete or anonymize data when it is no longer needed.

 

8) Security

We use administrative, technical, and physical safeguards aligned with industry frameworks (e.g., NIST) to protect personal information. No method of transmission or storage is 100% secure. If required by law, we will notify you and relevant authorities of a data breach.

 

9) Cookies, Pixels & Similar Technologies

We use:

Strictly necessary cookies - required to make the site work and to understand usage and improve the Services.

Advertising/retargeting cookies - to deliver relevant ads and measure campaign performance.

Preference cookies - to remember settings (e.g., language, region).

Manage your choices:

Our Cookie Banner / Preference Center lets you accept or reject non-essential cookies.

You can also use browser settings or platform tools (e.g., Google Ad Settings, NAI/DAA opt-outs).

For "Do Not Sell or Share My Personal Information" (CPRA), see Section 10.

 

10) Your Privacy Rights

Your rights depend on where you live. Subject to exceptions, you may have the right to:

Access / Know the categories and specific pieces of personal information we hold (CA, VA, CO, CT, GDPR, etc.).

Delete / Erase your information.

Correct / Rectify inaccurate data.

Portability - receive your data in a portable format.

Opt-out of:

Sales or Sharing (as defined under CPRA and similar US state laws),

Targeted advertising (VA, CO, CT, etc.),

Automated decision-making / profiling where applicable.

Limit use of Sensitive Personal Information (CPRA).

Appeal a refusal of your request (Virginia, Colorado, Connecticut).

Withdraw consent (GDPR/UK GDPR) where consent is the legal basis.

Lodge a complaint with your data protection authority (GDPR/UK GDPR, LGPD, etc.).

How to exercise your rights

Submit a request at [link to web form] or email privacy@zerogravityx.com with "Privacy Request" in the subject line.

We may verify your identity before responding (and, in some cases, ask for additional documentation).

Authorized agents (California) may submit on your behalf with proper proof of authority.

We will not discriminate against you for exercising a privacy right.

California Notice at Collection (CPRA)

We collect the categories of personal information described in Section 3 for the purposes and with the disclosures set out above. We may "share" (as defined in CPRA) for cross-context behavioral advertising. You can opt out using our "Do Not Sell or Share My Personal Information" link (footer) or by contacting us. We do not knowingly sell or share personal information of children under 16.

 

11) Children's Privacy

Our Services are not directed to children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect their personal information without verifiable parental consent. If you believe a child has provided personal data without consent, contact us to delete it.

 

12) Automated Decision-Making & Profiling

We do not use automated decision-making that produces legal or similarly significant effects without human involvement. If this changes, we will inform you and, where required, offer an opt-out or impact explanation.

 

13) Third-Party Links & Social Media

Our Services may link to third-party sites, plug-ins, or social networks. We are not responsible for their privacy practices. Review their policies before providing information.

 

14) Changes to this Policy

We may update this Policy from time to time. The "Effective date" at the top indicates when the latest version took effect. If changes are material, we will provide additional notice as required by law.

 

15) Contact Us

Zero-GravityX Ltd.Attn: Privacy Team / Data Protection Officer[Company Address]Email: privacy@zerogravityx.comTel: [+1 xxx xxx xxxx]

e agreement and may be updated at ZX's discretion; continued use = acceptance. You agree to indemnify ZX, its directors, employees and contractors against claims arising from your breach of these Terms or applicable law

13.Termination

ZX may suspend or terminate services for any breach; obligations incurred before termination survive. Provisions intended to survive (e.g., IP, liability, indemnity) continue post-termination.

14.Governing Law & Venue

These Terms are governed by U.S. law; exclusive venue is Miami,Florida, without regard to conflict-of-law rules.

17.Changes to Terms

ZX may modify these Terms at any time by posting an updated version. Changes take effect immediately on posting; continued use of the site signifies acceptance.

15.Contact

Questions? Email legal@zerogravityx.com.