UAS Mission Portal Privacy Policy

Effective Date: January 1st, 2025

Introduction

This Privacy Policy ("Policy") explains how UAS Mission Portal (referred to as "UASMP," "we," "our," or "us") collects, uses, shares, and safeguards personal information when businesses and their authorized users ("you" or "users") access or use the UAS Mission Portal ("Service" or "Portal"). UASMP is a multi-tenant, cloud-hosted Software-as-a-Service platform designed for unmanned aerial systems ("UAS") operations management. The Service facilitates project setup and scheduling, asset imports (KMZ/KML/CSV), pilot and equipment assignment, pre-flight checklists, tailboard risk assessments, field audits, recurring mission scheduling with notifications, basic ADS-B visibility, and integrations with third-party services such as Skydio and AirData. This Policy does not apply to large deliverable storage or life-critical/distributed flight operations; we do not provide regulatory approvals or see-and-avoid services.

By creating an account, using our website or Service, or otherwise providing personal information, you acknowledge that you have read and understood this Policy and agree to our collection, use, and disclosure of personal information as described herein. Please read this Policy carefully, and if you do not agree with its terms, do not use the Service.

Scope and Applicability

This Policy applies to personal information we collect from and about:

• Business account representatives and authorized users. UASMP is a business-to-business platform; however, individuals acting on behalf of a business are natural persons whose personal information is subject to privacy rights under California law.
• Visitors to our public website and individuals who contact us via email or other channels.
• Persons in jurisdictions with privacy rights, including California residents under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA").

This Policy does not apply to aggregated or de-identified data that cannot reasonably be used to identify an individual, or to publicly available information as defined under California law.

Information We Collect

The categories of personal information we collect depend on how you interact with UASMP and the features you use. We may collect the following:

1. Identifiers and account information

• Registration details: names, email addresses, phone numbers, employer names, job titles, user IDs, and passwords when you create or administer an account on the Portal.
• Government-issued identifiers (optional): pilot certificate numbers, aircraft tail numbers, or other regulatory identification numbers submitted for compliance tracking.
• Billing and payment information: limited payment information such as last four digits of credit card numbers and billing addresses processed by our payment service provider (e.g., Stripe). We do not store full credit card numbers or CVV codes.

2. UAS mission and operational data

• Project and mission details: project names, locations, scheduled dates and times, flight areas (e.g., KML/KMZ shapefiles or coordinates), mission plans, and risk assessments.
• Equipment and personnel information: assignments of aircraft, batteries, sensors, pilots, observers, and maintenance status.
• Pre-flight and compliance documentation: responses to checklists, tailboard briefings, field audits, regulatory approvals, and operational notes.
• Asset imports: geo-referenced files (KML, KMZ, CSV) and associated metadata uploaded to plan missions.
• Recurring mission scheduling and notifications: details about mission frequency, notifications to pilots and stakeholders, and task status.

3. Usage and technical information

• Log and device data: IP addresses, browser type, device identifiers, operating system, access times, referring URLs, page views, and interactions with our website or Service.
• Analytics and cookies: information collected via cookies, pixels, local storage, and similar technologies to recognize users, remember preferences, and analyze usage patterns. We may use third-party analytics providers (e.g., Google Analytics) to help us understand how our Service is used.

4. Third-party integration data

• Integration partners: If you connect the Portal to third-party services (e.g., Skydio for autonomous flight control, AirData for flight logging, ADS-B feeds for traffic data, and mapping providers), we receive information from and about those services as permitted by their privacy policies and your settings. This may include flight telemetry, mission logs, maintenance records, geolocation, or other operational data.
• Communications and support: Content of your communications with our support team, feedback, survey responses, or other user-generated content.

5. Commercial and transactional information

• Subscription records: purchase and subscription details, plan types, auto-renewal status, and transaction histories.
• Customer support interactions: notes and records from interactions with our customer support team.

6. Sensitive personal information

The Service may process geolocation data associated with mission planning and flight logs, which California law considers sensitive personal information. We use this data solely to provide the Service and will honor requests to limit its use as required.

Sources of Personal Information

We obtain personal information from the following sources:

• Directly from you – when you create or manage an account, plan a mission, upload assets, assign pilots and equipment, complete checklists or forms, or contact us.
• Automatically – through cookies and similar technologies, and through logs generated by your use of the Service.
• From third-party services and integrations – when you authorize integrations with flight management systems (e.g., Skydio, AirData), ADS-B and mapping services, payment processors, or communication tools. These third parties may provide mission logs, telemetry, and other data pursuant to their privacy policies.
• From other users or partners – for example, administrators may provide your contact information to invite you to collaborate on a project or mission.

Purposes for Collection and Use

We use personal information for the following business and commercial purposes:

• To provide and operate the Service – including account setup and administration, mission planning, scheduling, risk assessments, asset management, notifications, and user support.
• To integrate with third-party services – to import or synchronize mission data, flight logs, and telemetry from services such as Skydio, AirData, ADS-B feeds, mapping providers, or other APIs.
• To process payments – handling subscriptions, invoicing, free trials, auto-renewals, upgrades, downgrades, proration, cancellations, and refunds. Stripe processes payment data on our behalf.
• To communicate with you – responding to inquiries, sending confirmations, notices, updates, marketing communications (if you opt-in), and reminding you about upcoming missions or subscription renewals.
• To personalize and improve the Service – analyzing usage data to understand user preferences, develop new features, and improve reliability and user experience.
• To ensure security, compliance, and safety – protecting the integrity of the Service, detecting and preventing fraud or unauthorized activity, performing audits, enforcing our Terms and Conditions, and complying with applicable laws and regulatory obligations such as UAS operational requirements.
• To comply with legal obligations – including tax and accounting requirements, responding to valid law enforcement requests or court orders, and enforcing our rights.
• For other purposes – that you consent to or as otherwise disclosed at the time of collection.

Legal Bases for Processing (for International Users)

While the Service is primarily subject to U.S. and California law, we recognize that individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions may have additional rights. We process personal information on the following legal bases:

• Contractual necessity – to provide the Service under our agreement with your organization.
• Legitimate interests – to operate, secure, and improve our Service, communicate with users, prevent fraud, and pursue our business purposes, provided that such interests are not overridden by your rights.
• Compliance with law – where we must process data to comply with applicable laws.
• Consent – for sending marketing communications or collecting optional sensitive information. You may withdraw consent at any time.

Sharing and Disclosure of Information

We do not sell personal information or share it for cross-context behavioral advertising. We may disclose personal information to the following categories of recipients:

• Service providers and contractors – companies that provide hosting (e.g., cloud infrastructure), security monitoring, analytics, customer support, email delivery, billing, and payment processing.
• Integration partners – such as Skydio, AirData, ADS-B providers, and mapping services to facilitate mission management. We share only the data necessary to operate the integration and subject to contractual obligations.
• Affiliated companies – our parent company or subsidiaries, to the extent necessary for business operations or internal administrative purposes.
• Business transfers – in connection with a merger, financing, acquisition, or dissolution involving our company, data may be transferred to the acquiring organization subject to this Policy.
• Law enforcement, regulators, and legal requests – when required by law or to protect the rights, property, or safety of UASMP, our users, or others.

We may also share aggregated or de-identified data that cannot reasonably be used to identify any individual.

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and enhance the Service. These technologies help us:

• Maintain session state and authenticate users.
• Analyze usage patterns and improve performance.
• Remember user preferences and settings.

You can control cookie preferences through your browser settings or by using privacy controls provided in our Service. If you disable cookies, some features may not function properly.

Data Retention and Deletion

We retain personal information only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Our retention practices include:

• Account and subscription data – retained while your business has an active account and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
• Mission and operational data – retained for the duration of the project and any mandated record-keeping requirements. We may retain flight logs and risk assessments for 12-24 months, or as required by our customers.
• Usage logs and analytics – typically retained for 12-24 months for security, analytics, and audit purposes.
• Backup copies – maintained for disaster recovery and continuity purposes for limited periods.

When we no longer have a legitimate business need to process personal information, we will delete or anonymize it. You may request deletion of your personal information as explained below.

Security Measures

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, loss, misuse, or alteration. Measures include encryption at rest and in transit, access controls, multi-factor authentication, network firewalls, vulnerability management, regular security audits, and employee training. However, no method of transmission or storage is completely secure; therefore we cannot guarantee absolute security.

Cross-Border Data Transfers

UASMP is headquartered in the United States, and we may store and process personal information in the U.S. or other countries where we or our service providers operate. These jurisdictions may have data protection laws that are different from those in your country. When we transfer personal information internationally, we employ appropriate safeguards, such as Standard Contractual Clauses, to protect your data and comply with applicable laws.

Your Privacy Rights

1. Rights for California Residents

If you reside in California, you have the following rights under the CCPA/CPRA:

• Right to know/access: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share.
• Right to delete: You may request that we delete personal information we collected from you, subject to certain exceptions.
• Right to correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to opt-out of sale or sharing: You have the right to direct us not to sell or share your personal information for cross-context behavioral advertising. UASMP does not sell personal information.
• Right to limit use of sensitive personal information: You may request that we limit our use and disclosure of sensitive personal information to certain purposes.
• Right to non-discrimination: We will not discriminate against you for exercising any of the above rights.

2. Rights for Residents of Other Jurisdictions

Depending on your location, you may have additional rights under applicable data protection laws, such as the GDPR in the European Union, including:

• Right of access, rectification, erasure, restriction of processing, objection, and data portability.
• Right to withdraw consent and to lodge a complaint with a supervisory authority.

Exercising Your Rights

You may submit requests to know, correct, or delete personal information by:

• Emailing our privacy team at support@uasmissionportal.com
• Using the in-app privacy request form under the account settings menu.

Third-Party Services and Links

The Service contains integrations and links to third-party websites or services that are not owned or controlled by UASMP. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of those services.

Children's Privacy

UASMP is intended for use by business customers and their authorized personnel. We do not knowingly collect personal information from children under the age of 16. If we learn that a child under 16 has provided personal information, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on our website or via the Service and indicate the "last updated" date. Your continued use of the Service following an update signifies your acceptance of the revised Policy.

Contact Us

If you have questions or concerns about this Privacy Policy, wish to exercise your rights, or need to contact us, please reach us at:

• Email: support@uasmissionportal.com

California "Shine the Light" and 1789.3 Notice

California Civil Code §1789.3 requires websites that collect fees or provide products or services electronically to include specific contact information. If you have a question or complaint regarding the Service, please contact our Customer Service at support@uasmissionportal.com. You may also contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210 or (916) 445-1254.

Your Responsibilities

UASMP provides tools to manage UAS operations, but users are responsible for complying with applicable laws and regulations, including Federal Aviation Administration (FAA) rules, airspace restrictions, NOTAMs, and any state or local requirements. Our Service does not substitute for regulatory approvals or pilot judgment. You are also responsible for obtaining any necessary consents from your personnel or customers when using their personal information within the Service.