Effective Date: 12 May 2026
Version: 1.0
Document ID: PRIVACY-DRONEFIELD-v1.0
Language: English (binding)
This Privacy Policy explains how DroneSpot Kft. ("Provider", "we", "us") collects, uses, stores, shares, and protects personal data about the users of the DroneField Portal at https://my.dronefield.app, the DroneField desktop application ("Software"), and our public documentation site at https://doc.dronefield.app (collectively, the "Services").
This Privacy Policy is the authoritative document for all data-protection questions concerning the Services. It applies together with two other documents:
If there is a direct conflict between this Privacy Policy and any other document on a data-protection question, this Privacy Policy prevails.
Who this Policy is for. This Policy is written for:
Plain-language commitment. We have written this Policy in clear language, with concrete examples, so that you can understand what we actually do with your data – not just what the law allows us to do in theory. Where a section is dense or technical, we have included a short summary. Summary boxes are marked as such and are for orientation only; the binding text is the full section.
Your data, your control. A practical reminder before we go into the legal detail: your aerial imagery, orthomosaics, vegetation index maps, application maps, and PDF reports never leave your computer. The Software is designed to run entirely on your own Device, and the Portal exists only to manage your Account, your purchases, and your Software downloads. The data we do receive is limited to what is necessary to operate these specific Services and is described in detail below.
The data controller for the personal data described in this Policy is:
In line with Article 13 of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), DroneSpot Kft. determines the purposes and means of the processing of your personal data in connection with the Services, and is therefore the controller of that processing – except where this Policy expressly identifies another party as a joint controller or independent controller (for example, Stripe for payment data, as described in Section 8).
No designated Data Protection Officer. We have assessed our processing activities under Article 37 of the GDPR and have concluded that the appointment of a Data Protection Officer (DPO) is not legally required in our case. Our core activities do not consist of large-scale regular and systematic monitoring of data subjects, nor of large-scale processing of special categories of personal data. The general contact email above is the contact point for all data-protection enquiries; we will respond personally to every enquiry.
If, in the future, our scale of operations changes such that a DPO becomes required, we will appoint one and update this Policy accordingly with at least thirty (30) days' advance notice on the Portal.
The following words have the meanings set out below throughout this Policy. They follow the definitions used in the GDPR.
This Section sets out, in detail, every category of Personal Data that we collect through the Services. We do not collect Personal Data outside these categories, and we do not collect more data within each category than is necessary for the specific purpose.
Plain-language summary. We collect: your email and billing info (to run your Account), a hash of your password (to log you in safely), an identifier and basic hardware info for each Device that runs the Software (to enforce the one-active-Device licence rule), a small periodic "I'm online" signal from the Software (Heartbeat), payment metadata coming back from Stripe (we don't see your full card), optional anonymous usage telemetry (which you can turn off), anything you write to us in support tickets, and basic web logs when you visit our sites. We do NOT collect your drone imagery, your orthomosaics, your vegetation index maps, your field boundaries, or your application maps – those stay on your computer.
Account data. When you create and use an Account, we process:
Device data. Each Device on which you log in to the Software is registered to your Account. For each Device we process:
Operational signals. While the Software runs on your Device, it sends three categories of low-volume operational signal to the Portal, as also described in Section 11 of the EULA:
Telemetry data (opt-out). If telemetry is enabled in the Software (it is on by default and can be turned off at any time under Settings → Privacy), the Software sends a small set of anonymised events, in particular:
MISSING_MRK, with no surrounding context;
Telemetry data does not contain user content, geographic coordinates, email addresses, image data, boundaries, doses, or any identifier that could be linked back to a specific Project, a specific image, or a specific field on the ground.
Payment data. When you place a paid Order, payment is processed by Stripe (see Sections 8 and 9 of the Terms of Service). We do not store your full card number, expiry date, or CVV/CVC. We receive only:
Invoice and accounting data. For each paid Order, we generate and retain an electronic invoice containing the data described in Section 10 of the Terms of Service. This includes your billing name and address, the items purchased, and the tax amounts. Invoices are retained for the statutory eight (8) years under Hungarian accounting law.
Support data. When you contact us through the support channel – by email at [email protected] or through any in-Portal support form – we process:
You decide what to put into a support message. Please do not include sensitive personal data (such as health information or government identifiers) unless it is strictly necessary for us to help you.
Local log files. The Software writes diagnostic log files to your local Device (typically under ~/Library/Logs/DroneField/ on macOS, with equivalent paths on Windows and Linux). These logs stay on your Device and are not transmitted to us automatically. They reach us only if you actively attach them to a support request.
Web access data. When you visit the Portal or the documentation site, our servers and content-delivery network automatically log technical information needed to serve the requested page, including:
These logs are used to operate the service, diagnose problems, and protect against abuse. They are kept for the period set out in Section 10 (Retention Periods).
Cookies and similar technologies. Cookies set by the Portal and the documentation site are described separately in Section 7.
We obtain the Personal Data described in Section 4 from the following sources.
Directly from you. Most of the Personal Data we process comes directly from you, either when you actively provide it or when our Services automatically generate it on your behalf. This includes:
From third parties. For specific, narrow purposes, we receive Personal Data from third-party services with whom you also interact:
From public sources. In limited cases – for example, sanctions screening or fraud investigation – we may consult publicly accessible sources such as the EU sanctions list or the public company register, in order to verify that we are permitted to do business with you. These consultations are ad-hoc, narrowly scoped, and limited to the data necessary for the specific check.
No data brokers. We do not purchase, rent, or otherwise acquire Personal Data from data brokers, marketing list providers, or any similar source. Every piece of Personal Data we hold about you came either from you directly or from one of the third parties listed above for a specific, identified purpose.
Under Article 6(1) of the GDPR, every Processing of Personal Data must have a legal basis. The text below sets out, for each category of Personal Data described in Section 4, why we process the data (the purpose) and on what legal basis under Article 6(1).
The relevant legal bases used in this Policy are:
Account data – purpose and basis. We process your email, password hash, profile information, and authentication tokens in order to create, authenticate, and maintain your Account, and to give you access to the parts of the Service for which you are entitled (your Subscription, Project Packages, etc.). The legal basis is Contract (b): without this processing, we cannot provide the Service you have asked us to provide.
Billing information – purpose and basis. We process your billing name, address, and (where applicable) VAT number in order to issue an invoice that complies with Hungarian and EU tax law, to validate VAT numbers through VIES, and to determine the correct VAT treatment of your Order (Section 8 of the Terms of Service). The legal basis is Contract (b) for the part of the processing necessary to fulfil your Order, and Legal obligation (c) for the part required by Hungarian accounting and tax law.
Device data – purpose and basis. We process the Device UUID, hardware fingerprint hash, name, platform, and basic hardware information in order to:
The legal basis is Contract (b) for the licence-enforcement aspect, and Legitimate interest (f) for the fraud-prevention and diagnostic aspects. Our legitimate interest is in protecting our business from licence-related fraud and in maintaining the quality of the Service for all Users; we have weighed this against your interests and concluded that the processing is proportionate, because the data we collect is minimal, is not used for any unrelated purpose, and does not include the content of your Projects.
Operational signals (Heartbeat, License check, Version check) – purpose and basis. We process these signals in order to operate the Software's online-activation model: to know that an Account is currently active on a Device, to confirm that the User's Licence is still valid, and to inform Users when a new stable version is available. The legal basis is Contract (b): these signals are essential for the Software to function in the way you have agreed to use it.
Telemetry data – purpose and basis. We process telemetry events in order to understand how the Software is used in aggregate, to identify common error patterns, and to prioritise our product roadmap. The legal basis is Consent (a): telemetry is on by default but can be disabled at any time under Settings → Privacy, and disabling it has no negative effect on your access to the Service. You can withdraw your consent to telemetry processing at any time with the same single click, and the withdrawal is effective for future processing.
Where you have disabled telemetry, we may still process aggregated, irreversibly anonymised counts of telemetry events received before the withdrawal, on the basis of Legitimate interest (f), strictly for historical product analytics. Such counts cannot be linked back to your Account or to your Device.
Payment data – purpose and basis. We process Stripe payment tokens, masked card summaries, payment statuses, and Stripe customer identifiers in order to collect payment for your Orders and to manage refunds and Subscription renewals. The legal basis is Contract (b). The actual processing of the underlying card data is performed by Stripe as an independent controller, under Stripe's own privacy notice and PCI-DSS framework (see Section 8).
Invoice and accounting data – purpose and basis. We process the contents of your invoices, your Order history, and the data submitted to NAV in order to comply with Hungarian accounting law (Act C of 2000) and Hungarian tax law (Act CL of 2017). The legal basis is Legal obligation (c), with an 8-year statutory retention period that overrides any earlier deletion request from you (see Section 10).
Support data – purpose and basis. We process the contents of your support tickets, including any attachments you choose to send, in order to respond to your enquiry, resolve the underlying issue, and improve the Service. The legal basis is Contract (b) where the support concerns an issue with the Service for which we are responsible, and Legitimate interest (f) where the support is general (for example, a "how do I…" question). Our legitimate interest is in operating an effective support channel; the processing is limited to the content you have voluntarily provided.
Web access data – purpose and basis. We process IP addresses, user-agent strings, timestamps, and requested URLs from your visits to the Portal and the documentation site in order to:
The legal basis is Contract (b) for the serve-the-page aspect (where you are a logged-in User) and Legitimate interest (f) for the rest, including for non-logged-in visitors. Our legitimate interest is in operating a secure and reliable Service; the data we keep is technical and is automatically deleted after the period set out in Section 10.
Marketing communications – purpose and basis. Where you have explicitly opted in to receive marketing emails from us, we process your email address and your basic profile information in order to send you the newsletter and any other promotional content you have agreed to receive. The legal basis is Consent (a). You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email, or by changing the relevant setting on the Portal under Profile → Communication preferences. Withdrawal of marketing consent has no effect on the Account, on any active Subscription, or on the transactional and service messages you continue to receive (which are based on Contract (b), not on consent).
Cookies – purpose and basis. Cookies are described in detail in Section 7. The legal basis for the strictly necessary cookies we set is Legitimate interest (f) combined with the exemption under Article 5(3) of the ePrivacy Directive (functional cookies do not require consent). We do not set any non-essential cookies – no analytics cookies, no marketing cookies, no third-party tracking cookies.
Sanctions and fraud screening – purpose and basis. Where we cross-check your registration or your Order against public sanctions lists or against fraud-pattern signals from Stripe, the legal basis is Legal obligation (c) (compliance with EU and Hungarian sanctions law) combined with Legitimate interest (f) (protecting the Service against payment fraud). These checks are run only as needed and produce only a pass/fail signal, not a profile.
This Section describes the cookies and similar technologies we set when you visit the Portal or the documentation site. We are committed to using cookies only where they are necessary or where you have given your consent; we do not set marketing, advertising, or third-party tracking cookies.
What is a cookie. A cookie is a small text file that a website asks your browser to store on your device. When your browser sends a subsequent request to the same website, it includes the cookie value, allowing the website to recognise the same browser across requests. Cookies are not programs and cannot execute code on your device; they are simple identifiers.
The cookies we set on the Portal (my.dronefield.app). All cookies set by the Portal are strictly necessary for the operation of the Service and do not require consent under EU ePrivacy law (Article 5(3) of Directive 2002/58/EC, as amended). They are:
*_session or equivalent) – used to keep you logged in across Portal pages during a single browsing session. Expires when you close your browser, or earlier if you log out. Strictly necessary; legal basis: Legitimate interest (f) plus ePrivacy exemption.
XSRF-TOKEN or equivalent) – used to protect form submissions against cross-site request forgery attacks. Strictly necessary for security; legal basis: Legitimate interest (f) plus ePrivacy exemption.
The cookies we set on the documentation site (doc.dronefield.app). The documentation site is publicly accessible and does not require login. It sets the following:
No marketing cookies, no analytics cookies, no third-party trackers. We do not set or allow any of the following:
If we ever decide in the future to add a cookie that would require consent under EU ePrivacy law (for example, an analytics cookie to better understand documentation usage), we will introduce a cookie consent banner before activating it, and we will not load such cookies until you have given your active consent.
Local storage (browser). The Portal also uses small amounts of browser local storage to remember your UI preferences (for example, the selected sort order on a page, or whether a panel is expanded). These values stay on your device, are not transmitted to us, and can be cleared by clearing your browser's site data for the Portal.
Managing cookies. You can refuse, delete, or block cookies through your browser's settings. Most modern browsers offer granular controls. If you block the strictly necessary cookies listed above, the Portal will not be able to keep you logged in, and certain forms will not submit safely; we recommend leaving those cookies enabled. If you block the functional cookies, your preferences will not persist between sessions.
More information. General information about cookies, your rights, and how to control them is available from your national data-protection authority and from the Information Commissioner's Office at https://ico.org.uk/your-data-matters/online/cookies/ (independent reference, not affiliated with the Provider).
This Section sets out every third party with whom we share Personal Data in connection with the Services. For each, we identify the role (Processor or independent Controller or Recipient), the purpose of the sharing, the data shared, and the location of processing.
Processors acting on our behalf. The following parties process Personal Data on our behalf, under a written Data Processing Agreement that meets the requirements of Article 28 GDPR.
Amazon Web Services EMEA SARL (AWS). Role: Processor. Purpose: cloud hosting of the Portal application, database, and installer files. Data shared: substantially all categories listed in Section 4, while they remain on our servers. Location of processing: EU (Frankfurt, eu-central-1); AWS does not transfer the data outside the EU for the operation of these services. Safeguards: AWS GDPR Data Processing Addendum, ISO 27001, SOC 2 Type II, and contractual EU-region pinning.
Resend, Inc. Role: Processor. Purpose: delivery of transactional and (where applicable) marketing emails. Data shared: your email address, your name (if used in the email body), the email subject and body that we send, and metadata about each delivery (timestamp, delivery status, bounce/complaint signals returned by your mail server). Location of processing: Resend is incorporated in the United States; we use Resend's EU data residency option where available, so that email content and metadata are processed primarily in the EU. Safeguards: Resend Data Processing Addendum incorporating EU Standard Contractual Clauses (SCCs, Commission Implementing Decision (EU) 2021/914), and Resend's SOC 2 Type II controls. See also Section 9 on international transfers.
Independent controllers. The following parties process Personal Data in connection with the Service but determine their own purposes and means independently – they are independent Controllers, not our Processors. Their privacy practices are governed by their own privacy notices.
Stripe Payments Europe, Limited (Stripe). Role: independent Controller. Purpose: processing card and other payments under the EU Payment Services Directive 2 (PSD2) and PCI-DSS. Data shared: your name, email address, country, payment-instrument data you enter directly into Stripe's hosted form (we never see it), Order amount and currency, and – for invoice generation – your billing address. Location of processing: Stripe Payments Europe, Limited is based in Ireland; some Stripe back-end processing may take place in the United States. Safeguards: Stripe's compliance with PCI-DSS, EU Standard Contractual Clauses for any transfer to the US, and Stripe's own privacy notice at https://stripe.com/privacy.
Recipients in the legal sense. The following parties may receive Personal Data because we are legally required to provide it, but they are neither our Processors nor controllers of our processing.
Hungarian Tax Authority (NAV). Role: Recipient by virtue of legal obligation. Purpose: receipt of mandatory invoice-data submissions under the NAV Online Számla system. Data shared: the contents of your invoices as required by Hungarian VAT law. Location of processing: Hungary. Safeguards: legal obligation under Act CL of 2017; data flows on a one-way basis from us to NAV.
Competent courts, public authorities, and regulators. Role: Recipient. Purpose: response to a lawful order, court process, or regulatory request. Data shared: the minimum necessary to respond to the specific order. We assess the lawfulness of each request and, where the law allows, notify the affected Data Subject before disclosure.
Professional advisers. Role: Recipient or Processor as the case requires. Purpose: receiving legal, accounting, or auditing services from our external advisers, where Personal Data is necessarily implicated. Data shared: only the minimum necessary for the specific matter. Safeguards: professional confidentiality obligations of the relevant adviser.
No sale of Personal Data. We do not sell Personal Data to any third party. We do not share Personal Data with advertising networks, data brokers, or marketing-list providers. We do not share Personal Data with any third party except as expressly listed in this Section, or with your explicit consent, or as required by a legally binding obligation.
Up-to-date list. The list above is the complete list of third-party Recipients and Processors at the date of this Policy. If we add a new Processor or Recipient – for example, by switching email delivery providers – we will update this list before the new Processor begins to process your Personal Data, and we will publish the change on the Portal under Legal Documents as a minor change to this Policy in line with Section 17.
The European Union has a strong data-protection regime, and we keep your Personal Data within the EU wherever practical. This Section explains the limited cases in which Personal Data may be transferred outside the EU, and the safeguards that apply.
Default: EU-only processing. Our primary cloud hosting (AWS) is configured to keep your Personal Data in AWS Frankfurt (eu-central-1), within the European Union. Our database, our application servers, our installer storage, and our internal back-up storage are all located in the EU. The Portal and the documentation site are served from the EU.
Transfers to the United States – Resend. As described in Section 8, Resend, Inc. is incorporated in the United States. We use Resend's EU data residency option, which keeps the content of your transactional and marketing emails – together with the metadata about each delivery – primarily in the EU. However, certain operational aspects of Resend's service (for example, account administration, billing infrastructure, and security monitoring on Resend's side) may involve the processing of limited Personal Data in the United States.
For these limited transfers, we rely on the following safeguard under Chapter V of the GDPR:
In addition, Resend is contractually obliged to notify us of any third-country government access request and to challenge such requests to the extent permitted by law. Resend's relevant certifications (SOC 2 Type II) form part of our supplementary technical and organisational measures assessment.
Transfers in connection with Stripe. As described in Section 8, Stripe acts as an independent Controller rather than as our Processor in respect of payment data. Stripe Payments Europe, Limited (an Irish entity) provides the Service to you, but some of Stripe's back-end processing may take place in the United States. The legal safeguards in place between Stripe and its US affiliates are described in Stripe's privacy notice at https://stripe.com/privacy and include SCCs and PCI-DSS controls. Because Stripe is an independent Controller, the transfer of Personal Data from you to Stripe is between you and Stripe, governed by Stripe's notice; we facilitate that flow but do not control it.
No other transfers. Other than the two narrow cases above (Resend email delivery and Stripe payment processing), we do not transfer your Personal Data outside the European Economic Area. We do not store backups outside the EU, we do not use offshore support teams, and we do not use any US-based analytics or marketing tools.
Your rights regarding international transfers. You have the right to request a copy of the safeguards applicable to any transfer of your Personal Data outside the EU. To exercise this right, please contact us at [email protected], mentioning the relevant Processor and the nature of the data; we will provide a redacted copy of the relevant SCCs, removing only the commercial terms that the law allows us to keep confidential.
We retain Personal Data only for as long as necessary for the purpose for which it was collected, subject to any longer period required by law. The text below sets out the standard retention periods for each category of Personal Data described in Section 4.
Plain-language summary. Most of your data lives as long as your Account does. If your Account is inactive for two years, we delete it after warning you. Invoices stay for 8 years because Hungarian law requires it. Backups age out after 90 days. Telemetry is anonymised after 24 months, and server logs after 90 days.
Account data. Retained while your Account is active. An Account is treated as inactive if you have not logged in to the Portal or the Software for twenty-four (24) months. If your Account becomes inactive:
If you actively delete your Account before reaching the 24-month inactivity threshold, the same effects apply immediately, except that the deletion of the Account does not trigger early deletion of accounting records.
Billing and invoice data. Retained for eight (8) years from the end of the financial year to which the invoice relates, in line with Hungarian Act C of 2000 on Accounting (sections 169(2) and 169(3)) and Hungarian Act CL of 2017 on the Rules of Taxation. This statutory period applies independently of any Account deletion; we cannot shorten it on request, except where mandatory law gives the Data Subject a specific right to early deletion in narrowly defined circumstances.
Device data. Retained while the Device is registered to your Account. When you revoke a Device on the Portal, the Device record is marked as Revoked and is retained for a further 90 days as part of your account-activity history (to give you visibility into past usage). After 90 days following revocation, the Device record is fully deleted.
Operational signals (Heartbeat, License check, Version check). Retained in our logs for 90 days in non-aggregated form. After 90 days, individual records are deleted; aggregated counts (for example, "number of Heartbeats received per day") may be retained indefinitely in anonymised form for capacity planning.
Telemetry data. Retained in identifiable form (linked to a Device UUID) for 24 months, then deleted from active databases. Aggregated, irreversibly anonymised statistics derived from telemetry may be retained indefinitely.
Payment data (Stripe references on our side). Retained for eight (8) years, because the Stripe customer identifier and the masked card summary are part of our accounting records (they identify the payment method used for an invoiced transaction). The underlying card data is held by Stripe under Stripe's own retention rules, which we do not control.
Support data. Retained for 36 months after the support ticket is closed, so that we have context for any follow-up the same User may submit later. After 36 months, the ticket and its attachments are deleted, except that anonymised summary statistics (for example, "average time to first response by topic") may be retained indefinitely.
Web access logs. Retained for 90 days in raw form, then deleted. Aggregated, anonymised access counts may be retained indefinitely for capacity planning.
Security audit logs (login attempts, password changes, Account locks, suspicious-activity events). Retained for 24 months, so that we can investigate incidents that come to light after the fact. After 24 months, these logs are deleted.
Database back-ups. Encrypted database back-ups are retained for 90 days on a rolling basis. After 90 days, individual back-ups are overwritten and the Personal Data they contained is no longer recoverable. If you exercise your right to erasure (Section 11), the data is removed from the active database immediately; it remains in the back-up tier until that back-up rolls over, with no risk of being restored to active use because we follow a strict "no-restore-without-re-deletion" protocol for any back-up that contains data we have been asked to erase.
Cookies. As described in Section 7, cookies expire according to their own individual lifetime (typically: session cookies – until you close your browser; the Remember-me cookie – 30 days; the theme cookie – 12 months).
Longer retention by law. Where the law requires us to retain a specific category of data for longer than the periods above – typically, accounting records under the 8-year rule – that longer period applies, regardless of any deletion request from you.
Shorter retention on request. Where the law allows you to request earlier deletion of a specific category of data (for example, the right of erasure under Article 17 GDPR), we comply with the request within the periods set out in Section 12, subject to any statutory retention obligation we cannot waive.
As a Data Subject, you have a set of statutory rights under Chapter III of the GDPR (Articles 15 to 22). This Section sets out each right in plain language, the kind of request you can make, and where the limits lie. The practical procedure for exercising any of these rights is described in Section 12.
Plain-language summary. You can ask us: (a) what data we have about you, (b) to correct it, (c) to delete it, (d) to stop using it for certain purposes, (e) to send a copy to another service, or (f) to receive an explanation if you object. You can also withdraw any consent you have given. We respond within 30 days, free of charge.
Right of access (Article 15 GDPR). You have the right to obtain from us:
We provide one copy free of charge. If you request additional copies of the same data, we may charge a reasonable administrative fee that reflects the actual cost of producing the additional copy.
Right to rectification (Article 16 GDPR). You have the right to ask us to correct inaccurate Personal Data about you, and to complete Personal Data that is incomplete. Many corrections can be made by you directly on the Portal (for example, your billing address or display name); for the rest, you can contact us at any time.
Right to erasure ("right to be forgotten", Article 17 GDPR). You have the right to ask us to delete Personal Data about you where:
Limits. We may decline an erasure request where we are required by law to retain the data – most notably, accounting records under the 8-year rule (Section 10) – or where we need the data to establish, exercise, or defend legal claims. In such cases, we will explain in writing why the request cannot be fully honoured, and we will erase whatever portion of the data the law permits us to erase.
Right to restriction of processing (Article 18 GDPR). You have the right to ask us to stop processing your Personal Data (other than storing it) while a specific question is being resolved – for example:
During the restriction, we will continue to store the data but will not use it actively, except with your consent or for the protection of legal claims.
Right to data portability (Article 20 GDPR). Where we process your Personal Data on the basis of consent or of a contract, and the processing is carried out by automated means, you have the right to receive a structured, commonly used, machine-readable copy of the data you provided to us, and to transmit that copy to another controller. This applies, in particular, to your Account profile and to the structured data of your past Orders. It does not apply to data derived by us through our own processing (for example, fraud-risk signals) or to data processed under legal obligation (most of the accounting records).
The portable copy is provided in JSON or CSV format on request.
Right to object (Article 21 GDPR). You have the right to object to our processing of your Personal Data on grounds relating to your particular situation, where the processing is based on legitimate interest (Article 6(1)(f)). This applies, for example, to the fraud-prevention and security-monitoring uses of Device data and access logs. Upon receiving a valid objection, we will stop the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is needed to establish, exercise, or defend legal claims.
You also have an unconditional right to object to processing for direct marketing purposes, including profiling related to direct marketing. As described in Section 6, our marketing emails are based on consent (Article 6(1)(a)), so the simplest way to stop them is to withdraw your consent (see below); an objection has the same effect.
Right not to be subject to automated decision-making (Article 22 GDPR). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not carry out such automated decision-making (see Section 14), so this right does not apply to any current processing on our side. If, in the future, we ever introduce automated decision-making that falls within Article 22, we will update this Policy with at least thirty (30) days' advance notice and put in place the safeguards required by law.
Right to withdraw consent (Article 7(3) GDPR). Where we process your Personal Data on the basis of your consent (for example, telemetry, marketing emails, or optional features that ask for explicit opt-in), you have the right to withdraw that consent at any time. Withdrawal is as easy as giving consent in the first place: a single click in the relevant settings panel, or a click on the unsubscribe link in a marketing email.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. After withdrawal, we stop the relevant processing for the future and – where appropriate – anonymise or delete the data already collected on that basis.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR). Without prejudice to your other rights, you may lodge a complaint with a data-protection supervisory authority. Your options are described in Section 16.
Right to an effective judicial remedy (Articles 78 and 79 GDPR). You have the right to an effective judicial remedy against:
These judicial remedies are exercised before the competent courts; the jurisdiction rules are described in the Terms of Service.
This Section sets out the practical procedure for exercising any of the rights described in Section 11. The procedure is the same for all rights, except where we expressly note otherwise.
How to make a request. You can make a Data Subject request in any of the following ways:
What to include. To help us locate the right Account and respond accurately, please include:
You do not need to cite the legal basis or the Article number; we will identify the applicable right based on the substance of your request.
Identity verification. To prevent unauthorised access to your data, we may need to verify your identity before acting on the request. In most cases, sending the request from the email address registered on your Account is sufficient verification. Where the request is unusual (for example, an erasure request for an old Account that has not been used for a long time), we may ask for additional verification, such as confirming a recent Order number or completing a magic-link confirmation from the registered email.
We will not ask you to provide a copy of an identity document unless this is the only reasonable means of verification (for example, where you have lost access to the registered email address). If we do ask, you may redact any data on the document that is not necessary for verification (date of birth, document number, etc.).
Timeframe. We will respond to your request without undue delay and in any event within one (1) month of receipt. Where the request is particularly complex or where you have submitted multiple requests, we may extend this period by up to two (2) further months; in that case, we will inform you of the extension and of the reason within the first month.
Cost. Exercising your Data Subject rights is free of charge. We may charge a reasonable administrative fee, or refuse to act on the request, only where the request is manifestly unfounded or excessive, in particular because of its repetitive character. We will explain the reason in writing if we ever invoke this exception, and you will have the right to challenge our position before a supervisory authority or a court.
Format of our response. Unless you ask us to use a different format, we will respond in writing, by email to the address from which you made the request, in the language of the request (Hungarian or English). Where the response includes a copy of Personal Data, we will provide the data in JSON or CSV format, attached to the email or as a download link valid for at least 30 days.
Self-service tools on the Portal. Some rights can be exercised directly on the Portal, without contacting us at all:
When you use a self-service tool, the action is treated as a valid Data Subject request under this Section.
Authorised representatives and family members. A Data Subject may exercise their rights through an authorised representative (for example, a lawyer or a family member acting under a power of attorney). In such cases, we will ask for a copy of the written authorisation and, where reasonable, verification of the representative's own identity. We will not act on a request from a third party – even a family member or employer – without such verification, in order to protect the Data Subject.
Children's data requests. Requests concerning a child under sixteen (16) years of age are handled in line with Section 13.
What if you are not satisfied with our response? You may lodge a complaint with a supervisory authority (see Section 16) or pursue a judicial remedy (Section 11, Right to an effective judicial remedy). We strongly encourage you to contact us first so that we have a chance to resolve the issue directly – many disputes are based on a misunderstanding that can be cleared up in a single email exchange.
The Services are not directed at children under sixteen (16) years of age, and we do not knowingly collect Personal Data from anyone in that age group.
Minimum age requirement. As set out in Section 4 of the Terms of Service and Section 4 of the EULA, the minimum age to register an Account is eighteen (18) years, or sixteen (16) with the consent of a legal guardian. The minimum age to use the public documentation site, where no Account is required, is sixteen (16) years, in line with the default age for valid GDPR consent in Hungary (Article 8(1) of the GDPR, as implemented by Hungarian law).
If we discover that we have collected data from a child. Where we discover, through our own checks or through a report from a parent, guardian, or other person, that we have collected Personal Data from a child under sixteen without verified parental consent, we will:
How to report. If you are a parent or guardian, and you believe that we hold Personal Data about your child without your verified consent, please contact us at [email protected] with as much detail as you can provide. We will treat the matter with priority and respond within seven (7) days.
No targeting. We do not run marketing campaigns directed at children. We do not use any feature, design, or content that is intended to attract children. The DroneField Services are designed for adult professional users – drone spraying service providers, precision farmers, and commercial surveyors – and the content of the Portal, the Software, and the documentation reflects that audience.
This Section is short, because the answer is largely "no".
No solely automated decisions with legal or similarly significant effects. We do not carry out any automated decision-making – including profiling – that produces legal effects concerning you, or that similarly significantly affects you, in the sense of Article 22 of the GDPR.
In particular, we do not use any algorithm – automated, statistical, or AI-based – to:
Light automation that does NOT trigger Article 22. A few automated checks happen behind the scenes to keep the Service running smoothly. These are rule-based rather than profiling-based, and they do not produce legal or similarly significant effects:
If any of these flags produce a result you disagree with – for example, your VAT number was rejected by VIES, or your IP address was rate-limited – you have the right to contact us at [email protected] for human review.
Future changes. If we ever decide to introduce automated decision-making that falls within Article 22 – for example, an AI-based fraud-scoring system – we will:
Until that happens, this Section will remain a "no".
We have implemented technical and organisational measures appropriate to the risk of the Personal Data we process, in line with Article 32 of the GDPR. This Section sets out the principal measures. It is necessarily a snapshot at the date of this Policy; we continuously review and adjust our measures as the threat landscape evolves.
Plain-language summary. Your password is stored as a one-way hash, never in clear text. Connections to the Portal are encrypted (HTTPS / TLS 1.2 or newer). Database data is encrypted at rest. Access to production data is restricted to a small named group, logged, and audited. Backups are encrypted and kept for 90 days. We follow a documented incident-response plan and will notify you and the NAIH within 72 hours if a breach affects your data.
Encryption in transit. All connections between your browser or your Device and our servers – for the Portal, the Software API calls (Heartbeat, License check, Version check), and the documentation site – are encrypted using TLS 1.2 or newer, with strong cipher suites. HTTP requests are automatically redirected to HTTPS. Our servers reject TLS 1.0 and TLS 1.1.
Encryption at rest. Our database and our storage volumes (operated under AWS Frankfurt) are encrypted at rest using AES-256, with key management provided by AWS KMS. The encryption protects against physical theft of disks and against unauthorised access to underlying storage media.
Password storage. Passwords are stored as a bcrypt hash with a per-user salt. We never store, log, or transmit passwords in plain text. Even our own staff cannot read your password. If you forget your password, you must reset it via a magic link sent to your registered email address; we cannot tell you what your previous password was.
Authentication tokens. Authentication tokens used by the Portal and the Software (such as Laravel Sanctum tokens) are opaque random values of sufficient entropy, are bound to a single Device, and are stored on the server side as a hash. On your Device, tokens are stored in the operating system's secure storage (Keychain on macOS, equivalent on Windows and Linux). Tokens can be revoked at any time by you (by logging out, by revoking a Device on the Portal) or by us (in case of a suspected compromise).
Access controls within our team. Access to production systems is restricted to a named, small group of authorised personnel, on a least-privilege basis. Each access is personalised (no shared accounts), is protected by multi-factor authentication on the administrator side, and is logged. Logs are retained as security audit logs (Section 10) and are reviewed periodically. We do not allow administrative access from public networks without VPN.
Patch management. We monitor our underlying software stack (operating systems, language runtimes, framework dependencies, container images) for security advisories and apply security patches in line with their severity. Critical vulnerabilities are addressed as a priority, including out of business hours where necessary.
Network protections. Our servers are protected by AWS security groups configured on a deny-by-default basis. Only the strictly necessary ports are exposed to the internet (HTTPS on 443). We use a content-delivery network with DDoS protection in front of the Portal and the documentation site, and we apply rate-limiting on sensitive endpoints (login, password reset, registration).
Back-ups. Database back-ups are encrypted, are retained for 90 days on a rolling basis (Section 10), and are stored in a separate AWS region of the EU for disaster-recovery purposes. Back-ups are tested periodically by restoring to a staging environment.
Logging and monitoring. We maintain structured application logs and infrastructure logs, with retention as set out in Section 10. We monitor for anomalies (unusual login patterns, sudden spikes in failed authentications, abnormal traffic to specific endpoints) and have alerting in place for high-severity events.
Vulnerability management. We welcome responsible security disclosure from independent researchers and Users, as described in Section 17 of the Terms of Service. Reported issues are triaged and remediated according to severity. We do not pursue legal action against good-faith security researchers who follow the disclosure process.
Personnel. Our personnel are bound by written confidentiality obligations and receive periodic training on data-protection and security topics. Access to Personal Data is granted on a need-to-know basis, is reviewed when roles change, and is revoked promptly upon departure.
Processor due diligence. We have written Data Processing Agreements with all our Processors (Section 8), and we evaluate their technical and organisational measures before onboarding them. We monitor their compliance certifications (SOC 2, ISO 27001, etc.) and re-evaluate periodically.
Personal-data breach response. If we become aware of a personal-data breach that is likely to result in a risk to the rights and freedoms of Data Subjects, we will:
Our incident-response procedure is documented internally and is exercised periodically.
Limits of security. No system is perfectly secure. Despite the measures above, no controller can absolutely guarantee that Personal Data cannot be accessed, disclosed, altered, or destroyed by an unauthorised party. We commit to the measures above, to continuous improvement, and to transparent communication with you in the event of an incident.
If you believe that our processing of your Personal Data does not comply with the GDPR or with any other applicable data-protection law, you have the right to lodge a complaint.
First, please contact us. We strongly encourage you to raise the matter with us first, by writing to [email protected]. We will treat any data-protection complaint as a priority, will respond within the timeframes set out in Section 12, and will work in good faith to resolve the issue directly. Many concerns are based on a misunderstanding (for example, about what data we hold or about how a specific signal works) and can be cleared up in a single exchange.
Supervisory authority – Hungary. Without prejudice to other administrative or judicial remedies, you have the right to lodge a complaint with the Hungarian Data Protection Authority:
Supervisory authority – your country of residence. If you reside in an EU Member State other than Hungary, you may instead lodge a complaint with the data-protection authority of your country of residence, or of the place where the alleged infringement took place. The European Data Protection Board maintains a current list of national authorities at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Judicial remedies. As described in Section 11, you also have the right to an effective judicial remedy against the supervisory authority (if it does not handle your complaint) and against us as a controller. The jurisdiction rules for proceedings against us are set out in the Terms of Service.
No retaliation. As stated in Section 18 of the Terms of Service, we will not suspend or terminate your Account merely because you have exercised your right to lodge a complaint or pursue a judicial remedy.
We may update this Privacy Policy from time to time, for example to reflect changes in the law, changes in our processing activities, the addition of a new Processor (Section 8), or improvements in our security measures (Section 15).
Material changes. Where a change to this Policy would meaningfully affect how we process your Personal Data – for example, a new category of data collected, a new purpose, a new Recipient outside the existing list, or a longer retention period – we will:
Continuing to use the Services after a material change has taken effect constitutes acceptance of the new version of this Policy in relation to processing carried out from that date. Your previously accepted version remains visible on the Portal under Legal Documents.
Minor changes. Routine improvements that do not affect your rights – typographical corrections, clarifications, updates to contact details, the addition of a Processor that performs the same function as an existing one – may be made without prior notice. We will still publish the updated text on the Portal, indicate the new effective date, and keep the previous version accessible in the version history.
Coordination with the EULA and the Terms of Service. Where a change to this Policy is linked to a parallel change to the EULA or the Terms of Service, we coordinate the three notifications and present them together to avoid information overload.
For any question, request, or concern related to your Personal Data or to this Privacy Policy, please contact us:
For general support questions that do not concern data protection, the same email address is the right channel, and the Portal's support form is the most convenient way to open a ticket with the right routing.
Languages. We respond in Hungarian or English, whichever language you used to write to us.
Response time. Data-subject requests are handled within the timeframes set out in Section 12 (one month, extendable by up to two months in complex cases). General support questions are typically answered within one to three business days.
End of Privacy Policy.
Effective Date: 12 May 2026 – Version 1.0 – DroneSpot Kft.
© 2026 DroneField. All rights reserved.