DroneWeather Pro BE

DroneWeather helps drone pilots plan safe flights while collecting only the information that is necessary. This notice explains how Smart Insights Apps handles personal data when you use droneweather.org, our Android Trusted Web Activity, and the related API endpoints.

Data controller & contact

Smart Insights Apps (Belgium) builds and operates DroneWeather and responds to privacy requests.

Data controller: Smart Insights Apps
Postal address: Fexhe-Le-Haut-Clocher, Belgium
Email: support@droneweather.org

1. Scope and legal basis

Smart Insights Apps, based in Fexhe-Le-Haut-Clocher (Belgium), develops and operates DroneWeather.

This privacy notice covers droneweather.org, the Android Trusted Web Activity, every API route under /api/, and the direct support channels you use to contact us.

Controller. Smart Insights Apps (Fexhe-Le-Haut-Clocher, Belgium) determines how your personal data is used and can be reached at support@droneweather.org.
Services covered. The public website, the Trusted Web Activity, API endpoints, user support, and automated monitoring are all in scope.
Legal bases. We process data to perform the service, under legitimate interest for security and fraud prevention, and—where required—based on your consent for optional features such as geolocation or saved preferences.
Audience. DroneWeather is designed for drone pilots aged 16 or older. We close accounts that we learn belong to minors.

2. Personal data we collect

We intentionally collect the minimum data required to deliver weather, map, billing, and support features. Many preferences stay only on your device.

Account and authentication. When you sign in with Google OAuth or email/password we receive your Firebase UID, email address, display name, optional profile photo, email-verification status, and sign-in provider. Passwords remain with Firebase Authentication.
Subscription and billing metadata. To verify entitlements we store plan IDs, product/base-plan IDs, purchase tokens or order IDs, Stripe customer/subscription IDs, currency, price micros, renewal status, country or region codes, and verification timestamps. Payment card data stays with Stripe or Google Play.
Device, session, and security data. We generate a hashed device fingerprint (user agent, platform, screen resolution, timezone, language, hardware capabilities), capture the IP address used during session creation, keep session IDs and heartbeat timestamps, and log Firebase App Check verdicts plus reCAPTCHA tokens to block automated abuse.
Location, map, and preference data. Coordinates from manual search or "Locate me" stay in volatile memory. Favorites, notes, ratings, checklist items, drone profiles, language/time/audio preferences, custom map colors, and banner photos live only in your browser storage.
Weather and airspace requests. When you request forecasts or UAV zone overlays we transmit the latitude/longitude and selected filters to OpenWeatherMap, RainViewer, OpenAIP, Google Maps Platform, and the Droneguide map service.
Support and communications. Emails, diagnostics, crash reports, or log snippets that you share may include your contact details, timestamps, and device metadata. We keep only what is necessary to resolve the issue.
Fallback IP geolocation. If GPS is unavailable in the Android Trusted Web Activity we request a coarse lookup from ipapi.co privacy notice, which sees your IP address to return approximate city-level coordinates.

3. How we use personal data

We use the collected information to run, improve, and protect DroneWeather.

Provide the service. Authenticate you, display your profile photo, keep you signed in across tabs, and sync subscription status across your devices.
Deliver weather, map, and safety features. Calculate flight conditions for the coordinates you choose, render UAV zones on the map, and remember the filters or units you prefer.
Manage subscriptions and payments. Verify Google Play purchases, create Stripe checkout sessions, reconcile receipts, and send billing notices or confirmations.
Prevent abuse and ensure fairness. Enforce device-based free-minute rules, detect unusual session replacements, block credential-stuffing attempts, and validate requests with App Check and reCAPTCHA Enterprise.
Provide support. Answer questions sent to support, follow up about incidents, and notify you about significant product or policy changes.
Improve reliability. Produce aggregated metrics about crashes, device types, or latency so we can prioritize fixes. We do not run advertising or marketing analytics.

4. When we share data

We never sell personal data. We only share it with trusted processors or when the law compels us to do so.

Firebase & Google Cloud host authentication, Firestore, Cloud Functions, and App Check in the EU multi-region. Data may be mirrored in other Google data centers as described in the Google Privacy Policy.
Google Identity Services & OAuth share only your name, email, and profile photo during sign-in so we can display your account.
Google Play Billing receives purchase tokens, order IDs, base-plan identifiers, and region codes solely to confirm Android subscriptions.
Stripe processes card payments, stores customer IDs, and powers the billing portal. See the Stripe Privacy Policyfor details.
Google reCAPTCHA Enterprise and Firebase App Check analyze device signals to block bots. Their use is subject to the Google Privacy Policy and the Google Terms of Service.
For fallback geolocation we call ipapi.co privacy notice, which receives your IP address.
Weather and mapping providers. We forward requested coordinates to OpenWeatherMap, RainViewer, OpenAIP, Google Maps Platform, and Droneguide map layers so they can return weather and airspace data.
Email and incident tooling. Messages you send to support@droneweather.org are stored in Google Workspace, and relevant security alerts may be forwarded to our internal tooling to investigate abuse.
Legal disclosures. We may disclose information if a court, regulator, or applicable law requires it or to enforce our Terms of Service.

5. Your rights

If you are located in the EU, EEA, UK, Switzerland, or another jurisdiction with similar safeguards, you have these rights.

Access. Learn what data we hold about you and obtain a copy.
Rectification. Update inaccurate account information via your Google profile or by contacting us.
Deletion. Delete your account in Account → Delete account or request deletion via email. Our deletion job removes the Firebase Auth user, Firestore document, subcollections, and device references.
Restriction & objection. Ask us to pause processing based on legitimate interest or object to specific uses like anti-fraud profiling.
Portability. Receive the data you provided in a structured, machine-readable format.
Withdraw consent. Revoke consent for optional features (for example, revoke location permissions or clear saved preferences) without affecting lawful processing already performed.
Complain. Lodge a complaint with your local supervisory authority, such as the Belgian Data Protection Authority.

6. Security and retention

All traffic is protected with HTTPS. Firestore data is protected by granular security rules, App Check tokens, and server-side validation. Device fingerprints are hashed before storage, and administrative access requires multi-factor authentication and logging.

Security monitoring events (for example, repeated failed logins or rate-limit violations) are retained only long enough to investigate incidents. Account, subscription, and billing records are preserved while you maintain an account or as required by tax and accounting laws (currently up to seven years).

Account deletion. When you delete your account our automated job removes the user document plus related subcollections (subscriptions, settings, favoriteLocations, weatherHistory) and cleans up deviceUsage/deviceProfiles so past devices stop counting toward free-minute limits.
Backups & resilience. Google Cloud maintains encrypted backups. If we ever need to restore from backup, we will re-apply deletion requests as soon as practicable.

7. Cookies and local storage

DroneWeather does not use advertising cookies. We rely on essential cookies, localStorage, and sessionStorage so the app works offline and remembers your preferences.

You can clear these storage entries at any time via your browser or OS settings. Doing so may sign you out and remove saved personalization.

Essential storage. Language selection, theme, high-contrast mode, time zone, time format, audio enablement, and map-display toggles are stored locally so the UI stays consistent between sessions.
Favorites and custom data. Favorite locations, notes, ratings, checklist items, photos, and custom drone profiles remain on your device unless you explicitly export or share them.
API caches. Weather and airspace responses may be cached in sessionStorage/localStorage to reduce load times and respect third-party rate limits.
Security scripts. Google reCAPTCHA Enterprise may set its own cookies to detect abusive traffic. Blocking them may prevent sign-in.

8. Policy updates

We update this privacy policy when we add features or when regulations change. We will adjust the "Last updated" date above and notify you in-app or by email if the changes are significant.

9. Contact & complaints

For privacy questions or to exercise your rights, please contact us. If you believe we have not resolved your request satisfactorily, you can reach out to the Belgian Data Protection Authority.

Email. support@droneweather.org.
Postal. Smart Insights Apps, Fexhe-Le-Haut-Clocher, Belgium.
If we cannot resolve your request you may contact the Belgian Data Protection Authority.

This privacy policy forms part of the DroneWeather Terms of Service. Contact us if you need a data-processing agreement or extra assurances for your organization.

DroneWeather Privacy Policy