Dronelog API Dronelog API

Privacy Policy

Last updated: March 2, 2026

1. Introduction

Dronelog API ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our website and API service (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored securely using one-way hashing)
  • Billing information (processed and stored by our payment provider, Stripe)

2.2 Flight Log Data

When you upload flight logs through the API, we process and store:

  • Raw flight log files (stored on AWS S3)
  • Processed flight telemetry data (GPS coordinates, altitude, speed, duration)
  • Drone hardware information (model, serial number, firmware version)
  • Battery and component wear data
  • In-flight warnings and error logs

2.3 Usage Data

We automatically collect information about how you interact with the Service:

  • API call logs (endpoint, timestamp, response status, IP address)
  • API key usage and rate limit consumption
  • Browser type, operating system, and device information (for web access)

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your flight logs and return structured data
  • Manage your account and process payments
  • Monitor API usage for billing and rate limiting
  • Detect and prevent fraud, abuse, and security threats
  • Send transactional emails (account confirmations, billing receipts, service alerts)
  • Improve and develop the Service based on aggregated, anonymized usage patterns
  • Comply with legal obligations

We do not use your flight log data for any purpose other than providing the Service to you.

4. Data Storage and Security

Your data is stored using industry-standard security measures:

  • Flight log files are stored on AWS S3 with encryption at rest (AES-256)
  • All data in transit is encrypted using TLS 1.2 or higher
  • API keys are hashed using HMAC-SHA256 — we cannot view your raw keys
  • Passwords are hashed using bcrypt with per-user salts
  • Database access is restricted and audited

While we implement strong safeguards, no method of electronic storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

5. Data Sharing and Third Parties

We do not sell your personal data or flight log data to third parties. We share information only in the following circumstances:

  • Service providers: We use third-party services to operate the Service, including AWS (hosting and storage), Stripe (payment processing), and transactional email providers. These providers only access data as necessary to perform their services and are bound by confidentiality obligations.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account information is retained until you delete your account
  • Flight log data is retained until you delete it via the API or close your account
  • API usage logs are retained for 12 months for billing and security purposes
  • Billing records are retained as required by applicable tax and accounting laws

Upon account deletion, we will remove your data from active systems within 30 days. Encrypted backups may retain data for up to 90 days before being purged.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete data.
  • Right to erasure: You may request that we delete your personal data, subject to legal retention requirements.
  • Right to restrict processing: You may request that we limit how we use your data.
  • Right to data portability: You may request your data in a structured, machine-readable format (JSON).
  • Right to object: You may object to certain processing of your data.

To exercise any of these rights, please contact us at info@dronelogapi.com. We will respond within 30 days.

Our legal basis for processing your data is: performance of a contract (providing the Service), legitimate interest (improving the Service and preventing fraud), and consent (where applicable). You may withdraw consent at any time.

8. Cookies

Our website uses essential cookies required for the Service to function (session management, CSRF protection). We do not use advertising or third-party tracking cookies.

If we introduce analytics cookies in the future, we will update this policy and obtain your consent where required.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States (AWS infrastructure). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

12. Data Protection Officer

For any questions or concerns about this Privacy Policy or our data practices, you may contact us at:

info@dronelogapi.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.