Legal

Privacy Policy

Last updated: April 19, 2026. Governed by the laws of the Province of Alberta, Canada.

Aerosyne Technologies Inc. (“Aerosyne”, “we”, “us”, or “our”) operates the Aerosyne platform, a software-as-a-service product for commercial drone operations (the “Service”). This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit our marketing website or use the Service.

Aerosyne is a Canadian company registered in the Province of Alberta, Canada. This Privacy Policy is governed by Alberta’s Personal Information Protection Act(PIPA) and Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA), as applicable.

1. Information We Collect

We collect the following categories of information:

  • Account information. Name, email address, organization name, role, country, and password (stored as a salted hash).
  • Workspace and operational data. Information you upload or generate while using the Service, including pilots, drones, jobs, clients, flight logs, checklists, imagery, telemetry, and processing artifacts. The subscriber organization controls this data and decides what is shared with third parties.
  • Billing information. Subscription plan, billing email, and payment method tokens. Card numbers are processed and stored by our payment processor (Stripe) and are never stored on Aerosyne servers.
  • Usage and product analytics. Pages visited, features used, device and browser metadata, and approximate location derived from IP address. On our public marketing pages, Google Analytics only loads after you accept the cookie banner.
  • Support communications. Messages you send to us via email or in-product messaging.
  • Cookies and similar technologies. Authentication cookies, security tokens, and a consent cookie that stores whether analytics are enabled for this browser.

2. How We Use Information

  • To operate, maintain, secure, and troubleshoot the Service.
  • To store, encrypt, transmit, and make workspace data and deliverables available at the direction of the subscriber organization.
  • To authenticate users and protect accounts from abuse.
  • To process subscriptions, payments, and refunds.
  • To provide customer support and respond to inquiries.
  • To produce aggregate, de-identified analytics for product, security, and capacity planning.
  • To comply with legal, regulatory, and tax obligations.

3. Legal Basis for Processing

We process personal information on the basis of (a) your consent, (b) the performance of our contract with you (the Terms of Service), (c) our legitimate interests in operating and securing the Service, and (d) compliance with legal obligations.

4. Data Sharing and Sub-processors

We do not sell personal information. We share subscriber data only with vetted sub-processors and service providers where needed to host, secure, support, and deliver the Service:

  • Stripe — payment processing and subscription billing.
  • Bunny.net — primary object storage for media and processing artifacts, and global CDN edge delivery.
  • OpenAI — optional AI features (anomaly detection, briefings, summarization). Usage is opt-in by feature; content sent to OpenAI is not used by them to train their models per their API terms.
  • NAV CANADA and the U.S. Federal Aviation Administration (NMS-API) — airspace and NOTAM data sources.
  • Cloudflare — DNS, edge security, and tenant subdomain routing.
  • Google Analytics — marketing-site analytics, loaded only after consent on the public landing pages.

We may also disclose information when required by law, court order, or other valid legal process, or to protect the rights, property, or safety of Aerosyne, our users, or the public.

5. Data Retention

We retain personal information for as long as your account is active and as required to provide the Service. After account closure we retain limited information for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements. Backups are rotated on a recurring schedule.

6. Data Security

Aerosyne applies the following safeguards:

  • Application-layer encryption at rest for sensitive fields stored in our primary database, in addition to provider-level disk encryption.
  • TLS 1.2+ in transit for all client and inter-service communications.
  • Role-based access control (RBAC) and team-scoped multi-tenant isolation: every data record is scoped to a tenant identifier and queries enforce that scope.
  • Hardened authentication, password hashing, and short-lived session tokens.
  • Audit logging of administrative actions.
  • Regular dependency scanning and security patching.

Aerosyne limits internal access to subscriber data to authorized personnel with a legitimate operational, support, security, or legal need. Subscriber organizations remain responsible for deciding what customer data or deliverables they upload, export, or distribute through the Service, and any such distribution is at the subscriber’s own risk.

No method of transmission or storage is 100% secure. We work to protect your data but cannot guarantee its absolute security.

7. Data Residency and Cross-Border Transfers

Primary storage of customer data is located in Toronto, Canada. This includes our primary database and primary object storage region.

To deliver the Service quickly and reliably, static assets and cacheable media are distributed through a global content delivery network (CDN) with edge points of presence (POPs) across Canada, Europe, and the United States. CDN edge nodes may temporarily process and cache content closest to the requesting end user to reduce latency. The authoritative copy of customer data remains in Toronto, Canada.

By using the Service, you acknowledge that your information may be transferred to and processed in countries other than your own, including the United States and member states of the European Union, for the purpose of edge delivery. Where applicable, we rely on standard contractual clauses or equivalent safeguards for cross-border transfers.

8. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your personal information.
  • Withdraw consent to processing where consent is the legal basis.
  • Lodge a complaint with the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, contact us at [email protected].

9. Children’s Privacy

The Service is not directed to children under the age of 16 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Cookies and Analytics

We use strictly-necessary cookies for authentication and security, plus a first-party cookie that remembers your analytics preference on the public landing pages. Google Analytics loads only after you accept the cookie banner. If Cloudflare Web Analytics is enabled for the marketing site, it must be configured to honor that same consent choice. You can control cookies through your browser settings; disabling strictly-necessary cookies may impair the Service.

11. International Users

If you access the Service from outside Canada, you understand that your information will be transferred to, stored, and processed in Canada. For users in the European Economic Area or United Kingdom, Canada has been recognized by the European Commission as providing an adequate level of data protection.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced through the Service or by email to account administrators. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact Us

For questions about this Privacy Policy or our handling of personal information, contact:

Aerosyne Technologies Inc.
Attn: Privacy Officer
Province of Alberta, Canada
Email: [email protected]