Last updated: May 2026. This policy explains how In Flight Catering Software TCI Ltd ("IFCS", "we", "us") collects, uses, stores, and protects personal data when you visit ifcs.aero or use the Galley X platform.
Who we are
In Flight Catering Software TCI Ltd is the data controller for ifcs.aero and the Galley X platform. You can reach our privacy team at privacy@ifcs.ca.
Information we collect
We collect personal data in three categories:
- Website visitors: IP address, browser, device type, pages viewed, referrer, and any information you submit via demo or contact forms (name, email, company, role, message).
- Galley X users: account credentials, role assignments, tenant membership, audit logs of in-product actions, and any catering, flight, or compliance data your organization chooses to process in the platform.
- Business contacts: contact details we collect during sales conversations, partnership discussions, and event interactions.
How we use personal data
- To respond to demo requests, support tickets, and other inquiries
- To deliver, secure, and improve the Galley X platform under our contracts with customers
- To meet legal, regulatory, and food-safety obligations (including FSMA 204 traceability)
- To detect and prevent fraud, abuse, and security incidents
- To send operational and (where permitted) marketing communications you can unsubscribe from at any time
Legal bases (GDPR)
Where the GDPR applies, we process personal data on the bases of (a) performance of a contract, (b) legitimate interests in operating and improving our software, (c) legal obligations, and (d) consent, where required.
Sharing and sub-processors
We share personal data with vetted sub-processors that help us deliver Galley X — including cloud hosting, error monitoring, and customer support tooling. We do not sell personal data. A current list of sub-processors is available on request.
International transfers
Galley X is hosted on AWS with regional deployment options. Where personal data is transferred across borders, we rely on Standard Contractual Clauses and equivalent safeguards.
Retention
We retain personal data for as long as needed to provide the service, meet legal and regulatory obligations, and resolve disputes. Customer-controlled tenant data is retained per the contractual terms of each Galley X deployment.
Security
Galley X operates with SOC 2 Type II controls and GDPR-aligned safeguards. Data is encrypted in transit (TLS) and at rest (KMS / AES-256), with per-tenant isolation, SSO, MFA, and detailed audit logging.
Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, email privacy@ifcs.ca.
Cookies
ifcs.aero uses a minimal set of cookies for site functionality and analytics. You can control cookies through your browser settings.
Changes to this policy
We may update this policy as our services and the regulatory landscape evolve. The "last updated" date at the top of the page reflects the most recent revision.
Contact
For any privacy question, write to privacy@ifcs.ca or call +1 (212) 472-3856.