Select language
Join picniq
Legal

Privacy Policy

Last updated: June 2026

This Privacy Policy explains how picniq ApS processes personal data when you use picniq.net, open.picniq.net, and related services. It should be read together with our Terms of Service.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act (databeskyttelsesloven).

1. Who we are (data controller)

picniq ApS (CVR no. 46527836), Tagensvej 112, 2200 Copenhagen, Denmark, is the data controller for the personal data described in this policy.

Contact for privacy matters: privacy@picniq.net

We have not appointed a Data Protection Officer. Privacy enquiries should be sent to the address above.

2. How we obtain your data

We obtain personal data:

  • directly from you, when you purchase through picniq.net or create an account at open.picniq.net; and
  • from our travel partners and online travel agencies (OTAs), who provide booking information when you purchase picniq as an add-on to a flight.

Where we receive your data from an OTA, that OTA is responsible for informing you about, and having a lawful basis for, the sharing of your data with us.

3. What data we collect

  • Booking data โ€” flight number, route, dates, passenger name and email, received from our OTA partners or entered by you.
  • Account data โ€” email address and basic profile information from your Google, Apple, or Facebook login (if you use open.picniq.net).
  • Usage data โ€” pages visited, emails opened, links clicked, collected on a pseudonymous basis.
  • Claim data โ€” disruption details, correspondence with airlines, and any receipts you upload in support of expense claims.

We do not intentionally collect special categories of personal data. If you include such data in correspondence or uploaded receipts (for example, health information relevant to a disruption), you do so on your own initiative.

4. Why we process your data and our legal basis

Purpose Legal basis
Monitoring your flight and preparing and delivering your Journey Report Performance of a contract (Art. 6(1)(b)) โ€” with you directly, or to provide the service contracted for your benefit through an OTA
Assisting you in preparing a request to an airline, if you choose to Performance of a contract (Art. 6(1)(b))
Improving our service and detecting errors in our data-enrichment pipeline Legitimate interests (Art. 6(1)(f)) in operating and improving a reliable service
Detecting and preventing fraud and securing our systems Legitimate interests (Art. 6(1)(f))
Sending marketing emails Consent (Art. 6(1)(a)), which you may withdraw at any time
Retaining records for accounting and tax purposes Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, you have the right to object (see section 9).

5. Automated analysis and decision-making

We use automated and AI-assisted analysis to interpret flight, weather, and disruption data and to help generate template correspondence. These tools support the preparation of your Journey Report; they do not make decisions that produce legal effects concerning you or that similarly significantly affect you. You decide whether to submit any request or claim, and any final determination of your rights rests with the airline, a regulator, an ADR body, or a court.

6. Who we share data with

We use the following service providers, who process personal data on our behalf as processors under data processing agreements, unless stated otherwise:

  • Mailgun โ€” email delivery (receives recipient email addresses and email content).
  • Supabase โ€” database hosting (EU region, Frankfurt).
  • Netlify โ€” website hosting and serverless functions.
  • Stripe โ€” payment processing for B2C purchases. We do not store card numbers; Stripe acts as an independent controller for certain payment data.

Checking the status of a flight, and the automated analysis used to prepare your Journey Report, are carried out using flight, weather, and operational data identified by flight number and date. These processes do not involve sharing your personal data with the flight-data or analysis providers we rely on.

We do not sell personal data, and we do not share it with airlines except where you ask us to assist you in contacting an airline in your own name.

7. Where we process your data

All personal data we process is hosted and processed on servers located within the European Economic Area (EEA). We do not transfer your personal data outside the EEA.

If this position changes โ€” for example, if we engage a provider that processes personal data outside the EEA โ€” we will update this policy and put an appropriate safeguard under Chapter V GDPR in place before any such transfer takes place.

You may request further information about where your data is processed by contacting privacy@picniq.net.

8. Data retention

We retain personal data only for as long as necessary for the purposes set out above:

  • Booking and claim data โ€” retained for as long as needed to provide the service and to establish, exercise, or defend legal claims. Because limitation periods for air-passenger claims vary by jurisdiction, the applicable period depends on the journey and the framework involved.
  • Account data โ€” deleted within 30 days of account deletion.
  • Accounting records โ€” retained as required by Danish bookkeeping law.

You may request deletion at any time (see section 9).

9. Your rights

Under the GDPR you have the right to: access your data; have inaccurate data corrected; have your data erased; restrict processing; data portability; object to processing based on our legitimate interests and to direct marketing; and withdraw consent at any time where processing is based on consent. You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see section 5).

To exercise any of these rights, email privacy@picniq.net.

You also have the right to lodge a complaint with the Danish Data Protection Agency, Datatilsynet (datatilsynet.dk), or with the supervisory authority in your country of residence.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration, taking into account the nature of the data and the risks involved.

11. Children

The service is intended for users who are at least 18 years old and is not directed at children. We do not knowingly collect personal data from children.

12. Cookies

We use essential session cookies only. We do not use advertising or cross-site tracking cookies. Where analytics are used, they rely on anonymised data with no cross-site tracking.

13. Users outside the EU/EEA

Where we offer the service in other jurisdictions, additional local data-protection requirements may apply, and we will provide further information where those requirements call for it.

14. Changes to this policy

We may update this policy from time to time. For material changes we will provide reasonable notice before the changes take effect.

Contact

Questions about this policy: privacy@picniq.net

Looking for the terms of the service? Read the Terms of Service
Privacy Terms
ยฉ 2026 picniq ยท picniq.net