Privacy Policy
Last updated: 9 July 2026
This privacy policy explains how FlyMHD collects and processes your personal data when you use flymhd.com. We process your data in accordance with the General Data Protection Regulation (GDPR) and Danish data protection law.
1. Data controller
FlyMHD is the data controller for the processing of your personal data. If you have questions about this policy or wish to exercise your rights, contact us at hej@flymhd.com.
2. What we collect
Hosts: name, email, phone number, property address, listing details and photos, and optionally a CVR or CPR number. Payment details are handled solely by Stripe, and we never store your card details.
Guests: name, email, phone number and details of your bookings. Payments are handled by Stripe.
Automatically: technical data such as IP address and device information, plus strictly necessary cookies when you visit the site. See our cookie policy.
3. Purposes and legal basis
We process your data to:
- create and manage your account and listings, and complete bookings (legal basis: performance of a contract, GDPR art. 6(1)(b));
- charge subscriptions and route payments via Stripe (contract and legal obligation, art. 6(1)(b) and (c));
- send you service messages about verification, bookings and subscription (contract and legitimate interest, art. 6(1)(b) and (f));
- comply with accounting and tax law (legal obligation, art. 6(1)(c));
- prevent fraud and keep the platform secure (legitimate interest, art. 6(1)(f)).
4. Processors and recipients
We only share your data with trusted providers that process data on our behalf under a data processing agreement:
- Supabase (database, login and file storage), hosted in the EU (Ireland).
- Stripe (payments and payouts). Stripe may transfer data to the USA under the EU Commission's Standard Contractual Clauses (SCC).
- Resend (sending emails).
- Netlify (website hosting).
When you book, the necessary contact and booking details are shared between guest and host so the stay can take place.
5. Storage and deletion
We keep your data for as long as you have an account with us. If you delete your account, we soft-delete your data immediately and permanently remove it after 30 days. Data that forms part of bookings and payments is anonymised rather than deleted and retained under accounting law (generally 5 years), as we are required to be able to document transactions.
6. Your rights
Under the GDPR you have the right to access, rectify and erase your data, to restrict processing, to data portability and to object to processing. You may withdraw consent at any time. Contact us at hej@flymhd.com to exercise your rights.
You also have the right to complain to the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, datatilsynet.dk.
7. Security
We protect your data with technical and organisational measures, including encryption in transit (HTTPS), row-level access control in the database and storage of keys in secure environment variables. Payments are handled solely by Stripe.
8. Changes
We may update this policy. We will announce material changes on the site or by email. The current version is always available on this page.
Contact: hej@flymhd.com