Privacy Policy
Effective: July 9, 2026
Skyjunxion FZCO (the "Company", "we", "us" or "our") has created this Privacy Policy in order to demonstrate and communicate our commitment to doing business with high ethical standards and appropriate internal controls.
Skyjunxion FZCO, registration number DMCC188473, registered office at AstroLabs, Jumeirah Lakes Towers, Cluster R, Unit R6, Unit Code RET-R6-123, Dubai, United Arab Emirates, operates the website https://www.fynally.ai and the Fynally platform. Privacy contact: privacy@fynally.ai. Legal contact: legal@fynally.ai.
Fynally is an AI-powered corporate travel governance, approval, policy and audit platform. Fynally does not book, arrange, sell, ticket, fulfil, or manage travel services, and does not act as a TMC, OTA, expense management platform, payment processor, merchant of record, reseller, or travel fulfilment provider.
This Privacy Policy and any other documents referred to in it set out the basis on which we collect and process personal data as a data controller when you use https://www.fynally.ai (the "Website"), contact us, submit a design partner or commercial inquiry, or use Fynally under an agreement with us. Please read the following carefully to understand our views and practices regarding personal data and how we will treat it.
This Privacy Policy covers use of personal data by us and our affiliate companies when you use the Website or Fynally. It does not apply to personal data that we process on behalf of a business customer as that customer's data processor or service provider inside the Fynally platform, except to the extent this Privacy Policy is expressly incorporated into an agreement with that customer.
1. Data controller
For personal data collected through the Website, commercial inquiries, account administration, billing, security operations, support, and our own business operations, the data controller is Skyjunxion FZCO, registration number DMCC188473, registered office at AstroLabs, Jumeirah Lakes Towers, Cluster R, Unit R6, Unit Code RET-R6-123, Dubai, United Arab Emirates.
When Fynally processes trip request data, approval data, policy data, workspace data, audit records, integration payloads, uploaded files, email content, chat content, calendar objects, screenshots, images, PDFs, or related customer-controlled content for a business customer, the customer is normally the controller or business and Skyjunxion FZCO acts as processor or service provider under the applicable customer agreement and data processing terms.
2. Product and market scope
Fynally is an AI-powered corporate travel governance, approval, policy and audit platform. Fynally does not book, arrange, sell, ticket, fulfil, or manage travel services, and does not act as a TMC, OTA, expense management platform, payment processor, merchant of record, reseller, or travel fulfilment provider.
Fynally is designed for finance-led business customers that need governed pre-spend travel approvals, deterministic policy evaluation, price snapshot evidence, immutable audit records, and finance export readiness. Our primary commercial focus is the United States and our secondary commercial focus is the Middle East. We do not intentionally target individuals or organizations in the European Union, the United Kingdom, or Switzerland through the Website or Fynally.
3. Legal basis for processing
We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:
- To fulfil our contractual obligations to you or to the organization you represent.
- Where it is necessary for our legitimate business interests or those of a third party, and your interests and fundamental rights do not override those interests.
- To comply with a legal obligation.
- Where you have given consent for a specific purpose, where consent is required by applicable law.
To the extent we process personal data for any other purposes, we will ask for consent in advance or require that our partners obtain such consent where applicable.
4. Personal data we may collect
Personal data means any information about an individual from which that individual can be identified. It does not include data where the identity has been removed.
We may collect, use, store and transfer different kinds of personal data, which we have grouped together as follows:
- Identity Data: first name, surname, username or similar identifier, work role, job title, company name, workspace identity, approver identity, requester identity, and user identifiers assigned by customer-selected collaboration or identity systems.
- Contact Data: business address, telephone number, email address, employer or organization, and communication preferences.
- Account Data: login data, authentication events, role, permissions, workspace membership, customer account status, support history, and account administration records.
- Financial and Transaction Data: invoicing details, payment status, subscription tier, usage, seat counts, trip counts, billing contacts, and records of payments to and from us. We do not act as a payment processor.
- Travel Governance Data: trip request details, itinerary-like information supplied by a customer or user, requested route, dates, times, price, currency, policy outcome, approval outcome, decision payload, price snapshot metadata, audit metadata, artifact hash, policy version hash, comments, uploaded files, screenshots, PDFs, images, email content, chat content, and calendar objects submitted to Fynally for governance, approval, policy, price validation, or audit purposes.
- Technical Data: internet protocol address, device identifiers, login data, browser type and version, time zone setting and location inferred from IP address, browser plug-in types and versions, operating system and platform, event logs, correlation identifiers, diagnostic data, and other technology on the devices used to access the Website or Fynally.
- Profile Data: username and password, company profile, workspace settings, preferences, feedback, survey responses, and records of interactions with the Website or Fynally.
- Usage Data: information about how you use the Website and Fynally, including clickstream data, page response times, download errors, length of visits, page interaction information, feature usage, audit export usage, approval interaction events, and methods used to browse away from the Website.
- Marketing and Communications Data: preferences in receiving marketing from us and communication preferences.
- Aggregated Data: statistical or demographic data for any purpose. Aggregated Data may be derived from personal data but is not treated as personal data if it does not directly or indirectly reveal identity.
Special category or sensitive personal data is not anticipated or requested. Customers and users must not submit special category personal data unless it is strictly necessary for a legitimate business purpose and lawful for the customer to provide. If special category or sensitive personal data is inadvertently included in customer-controlled content submitted to Fynally, we process it only as necessary to provide the platform, secure the platform, comply with law, or follow the applicable customer agreement.
5. If you fail to provide personal data
Where we need to collect personal data by law or under the terms of a contract, and you fail to provide that data when requested, we may not be able to perform the contract or provide the Website, Fynally, support, security, billing, or account administration. In this case, we may have to cancel or suspend access to Fynally or decline a request, but we will notify you if this is the case at the time.
6. How personal data is collected
We use different methods to collect data from and about you, including:
- Direct interactions: when you fill in forms, submit a design partner or commercial inquiry, create an account, subscribe to communications, correspond with us by email or otherwise, give us feedback, request support, or report a problem with the Website or Fynally.
- Customer and user submissions: when a business customer, requester, approver, administrator, or authorized integration submits trip request material, policy data, approval data, uploaded files, screenshots, images, PDFs, email content, chat content, calendar objects, comments, or other records to Fynally.
- Automated technologies or interactions: as you interact with the Website, Fynally, or our emails, we automatically collect Technical Data and Usage Data using cookies, server logs, web beacons, pixels, telemetry, security logging, and similar technologies.
- Customer-selected integrations: when a customer authorizes Fynally to receive information from collaboration, email, calendar, identity, storage, finance, or other business systems.
- Publicly available sources: including business contact information published on professional websites or professional social media profiles, where lawful and relevant to our business relationship.
7. Personal data we receive from other sources
We may receive personal data from business partners, customer-selected integration platforms, providers of technical, hosting, email, communication, identity, analytics, CRM, support, accounting, security, and infrastructure services, and from professional advisors.
Examples include Technical Data from analytics and security providers; Identity and Contact Data from customer-selected communication or identity systems; Email Communications and Contact Data from email systems; Business Contact and Financial Data from CRM or accounting systems; and Travel Governance Data from customer-selected integrations or customer-submitted artifacts.
8. Cookies and other web technologies
We use cookies or similar technologies on the Website and in Fynally to distinguish you from other users, operate the Website and Fynally, remember preferences, support security, understand usage, and improve our services.
Cookies may be persistent or session cookies. Persistent cookies are stored on a device between browser sessions. Session cookies link actions during a browser session and are deleted when the browser is closed.
We may use the following categories of cookies and similar technologies:
- Strictly necessary cookies and logs required to operate, secure, authenticate, and load the Website or Fynally.
- Functional cookies used to remember preferences and provide requested features.
- Analytics and performance technologies used to understand traffic, errors, performance, and usage.
- Marketing or communication technologies used only where enabled and lawful.
You can set browser options to stop accepting cookies or to prompt before accepting cookies. If you do not accept cookies, you may not be able to use all functionality of the Website or Fynally. We do not currently respond to browser Do Not Track signals. Where legally required, we will honor applicable opt-out preference signals and consent choices.
9. Uses made of personal data
We may use personal data for the purposes below:
- To register you or your organization as a customer, user, requester, approver, administrator, or contact.
- To provide, administer, secure, monitor, support, and improve the Website and Fynally.
- To ingest and normalize customer-submitted travel request artifacts, evaluate policy compliance deterministically, attach price snapshot evidence, route approval records through customer-selected systems, and create audit-ready records.
- To manage payments, fees, seat counts, usage, invoices, subscription administration, collections, and account records.
- To manage our relationship with you, including notifying you about changes to terms, this Privacy Policy, the Website, Fynally, security notices, operational notices, and support matters.
- To respond to inquiries, support requests, commercial requests, design partner applications, feedback, complaints, and legal requests.
- To administer and protect our business and the Website, including troubleshooting, data analysis, testing, system maintenance, support, updates, reporting, fraud prevention, and infrastructure security.
- To deliver relevant Website and Fynally content, measure or understand the effectiveness of communications, and improve customer relationships and experiences.
- To use data analytics to improve the Website, Fynally, marketing, security, customer relationships, and product quality.
- To create Aggregated Data and Statistical Data for business, operating, benchmarking, security, analytics, and product improvement purposes, provided it does not reveal the identity of a customer, user, or confidential customer information.
- To comply with applicable laws, lawful requests, regulatory obligations, tax obligations, accounting obligations, sanctions, export control, fraud prevention, dispute resolution, and enforcement of legal agreements.
We will not sell or rent personal data. We do not currently share personal data for cross-context behavioral advertising. We only use personal data for the purposes for which it was collected unless we reasonably consider that another compatible purpose is required or permitted by law.
10. AI, deterministic evaluation and automated processing
Fynally may use AI-assisted systems to interpret, extract, classify, normalize, summarize, or explain information contained in customer-submitted artifacts. Fynally does not use AI to make final approval decisions, enforce policy, authorize spend, or act as the approver. Policy evaluation, routing guardrails, approval state, evidence retention, audit records, and finance export records are governed by deterministic product controls and customer-authorized human actions.
Customers remain responsible for their travel policies, approval authority, user permissions, business decisions, and the legal basis for submitting personal data to Fynally.
11. Disclosure of personal data
We may share personal data with the categories of third parties set out below for the purposes described in this Privacy Policy:
- Members of our group, including subsidiaries, affiliates, or entities under common control.
- Business partners, contractors, and service providers used to provide services such as hosting, database, infrastructure, code repository, CI, email, communication, authentication, analytics, security, backup, CRM, accounting, customer support, and product operations.
- Customer-selected systems and integrations used by the customer for collaboration, email, calendar, identity, finance, storage, approval routing, or records management.
- Professional advisors, including lawyers, bankers, auditors, insurers, accountants, and consultants.
- Tax authorities, regulators, courts, law enforcement, governmental bodies, or other authorities where required or permitted by law.
- Parties involved in an actual or proposed business sale, merger, investment, financing, restructuring, acquisition, or transfer of assets.
We require service providers that process personal data for us to process it only for authorized purposes, protect it appropriately, and keep it confidential.
12. Current infrastructure posture and international transfers
At the date of this document, Fynally's current production infrastructure is located in the United States and includes GitHub (code repository), Supabase (database), Vercel (hosting), and AWS (CI infrastructure). This describes the current infrastructure posture only and is not a contractual data residency guarantee.
Because Fynally is operated by Skyjunxion FZCO from the United Arab Emirates and uses cloud infrastructure and service providers, personal data may be stored or processed in countries outside your country of residence. Data protection rules in those countries may be different from those in your country of residence. We take steps reasonably necessary to ensure that personal data is treated securely and in accordance with this Privacy Policy, applicable customer agreements, and applicable law.
13. Data security
We have put in place appropriate security measures intended to prevent personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These measures include role-based access controls, separation of duties where appropriate, encryption in transit, encryption at rest where supported by the relevant system, security logging, least-privilege access, restricted administrative access, and operational procedures for security incidents.
Where we have given you, or where you have chosen, a password or credential that enables access to Fynally, you are responsible for keeping that password or credential confidential. We ask you not to share passwords or credentials with anyone. We limit access to personal data to employees, contractors, service providers, and other third parties who have a business need to know. They are subject to confidentiality obligations.
We have put in place procedures to deal with suspected personal data breaches and will notify affected customers, individuals, or regulators where legally required.
Unfortunately, transmission of information via the Internet is not completely secure. Although we will endeavor to protect personal data, we cannot guarantee the security of personal data transmitted to the Website or Fynally. Any transmission is at your own risk.
14. Data retention
We retain personal data for as long as reasonably necessary to fulfil the purposes for which it was provided or collected, including satisfying legal, regulatory, tax, accounting, security, audit, reporting, dispute resolution, and contractual requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for processing, whether those purposes can be achieved through other means, and applicable legal, regulatory, tax, accounting, or other requirements.
Customer-controlled records inside Fynally are retained in accordance with the applicable customer agreement, account settings, product configuration, and legal obligations. We may retain anonymized or Aggregated Data indefinitely for research, statistical, security, benchmarking, product improvement, and business purposes, provided it does not identify any person or disclose confidential customer information.
15. Your rights
Depending on your location and applicable law, you may have the right to request access to personal data, correction or deletion of personal data, restriction of processing, objection to processing, portability of personal data, withdrawal of consent, or information about how personal data is processed and disclosed.
If you wish to exercise rights regarding personal data controlled by Skyjunxion FZCO, contact us at privacy@fynally.ai. We may need to request specific information to confirm identity and authority before responding. We will respond within the timeframe required by applicable law.
If your request relates to personal data controlled by a Fynally customer, we may refer your request to that customer or process it on that customer's instructions, unless applicable law requires otherwise.
16. California privacy rights
If California privacy law applies to you and to our processing of your personal information, you may have rights to know about the personal information collected, used and disclosed; request deletion; request correction; opt out of sale or sharing; limit the use and disclosure of sensitive personal information; and not be discriminated against for exercising privacy rights, subject to exceptions under applicable law.
We do not sell personal information and do not currently share personal information for cross-context behavioral advertising. To exercise applicable California privacy rights, contact privacy@fynally.ai. Authorized representatives may submit requests where permitted by law, but we may require proof of authorization and verification of identity.
17. Children
The Website and Fynally are not intended for use by anyone under eighteen years of age. We do not knowingly collect personal data from anyone under eighteen. If you are under eighteen, do not submit personal data to the Website or Fynally. If we discover that we have received personal data from anyone under eighteen without appropriate authorization, we reserve the right to delete it.
18. Links to other websites
The Website and Fynally may contain links to websites or systems operated by third parties who are not bound by this Privacy Policy. When you click through to these websites or systems, our privacy practices no longer apply. We do not accept responsibility or liability for the privacy practices, content, or security of third-party websites or systems. We recommend that you examine the privacy statements for third-party websites and systems before using them.
19. Changes to this Privacy Policy
Any changes we make to this Privacy Policy in the future will be posted on the Website and, where appropriate, notified to you by email or in-product notice. Please check back frequently to see updates or changes to this Privacy Policy.
20. Contact
If you have any questions, comments or requests about this Privacy Policy, our privacy practices, or your dealings with Skyjunxion FZCO, you can contact us as follows:
- By email for privacy matters: privacy@fynally.ai
- By email for legal matters: legal@fynally.ai
- By post: Skyjunxion FZCO, AstroLabs, Jumeirah Lakes Towers, Cluster R, Unit R6, Unit Code RET-R6-123, Dubai, United Arab Emirates
Privacy: privacy@fynally.ai · Legal: legal@fynally.ai · Skyjunxion FZCO · DMCC188473