Privacy Policy

We collect the following categories of information:

• Contact information: name, company, email address, phone number, billing address.
• Property information: property address, owner name, gate codes or access notes, insurance and claim details (if you provide them).
• Aerial imagery and derived data: photographic and thermal imagery captured during flights, processed orthomosaics, point clouds, DSMs, 3D models, and annotated reports.
• Flight and GPS data: flight logs, drone telemetry, GPS coordinates of the inspection area.
• Account information: email and hashed password (managed by Supabase Auth) for portal accounts.
• Payment information: card details processed by Stripe — we do not store full card numbers; we retain only the last four digits and a Stripe-issued payment identifier.
• Usage data: server logs, IP addresses, browser type, pages visited (for security and analytics).

• To deliver the services you've requested — performing the flight, processing the data, producing reports, and delivering them through the portal.
• To bill for services and process payments through Stripe.
• To communicate with you about scheduling, deliverables, support, and service updates.
• To improve our methodologies — aggregate, anonymised analysis of inspection data to refine our scoring models and product offering.
• To comply with legal obligations (e.g. FAA recordkeeping for flight operations).
• To detect and prevent fraud, abuse, and security incidents on the portal.

• Raw aerial imagery: retained for 12 months after delivery, then archived to cold storage for an additional 24 months and deleted after 36 months unless a longer retention is contractually required.
• Processed deliverables (reports, orthomosaics, 3D models): retained for the lifetime of your portal account so you can re-download them.
• Flight logs: retained indefinitely to comply with FAA recordkeeping expectations.
• Payment records: retained as required for tax and accounting (typically 7 years).
• Anonymised analytics data: retained indefinitely in stripped form (no personally identifiable information).

Aetheris does not sell personal information. We share data only with service providers necessary to deliver the Services:

• Supabase (database, authentication, storage) — hosts the portal account, inspection records, and delivered files. Supabase privacy policy.
• Pix4D (photogrammetry processing) — raw imagery is uploaded for processing and then deleted from Pix4D’s servers per their retention policy. Pix4D privacy policy.
• Stripe (payment processing) — handles card and ACH transactions for portal invoices. Stripe privacy policy.
• Vercel (web hosting) — serves the marketing site and portal; access logs are retained for security analysis.
• Google Workspace (email, document storage) — used for client correspondence and proposal templates.
• We may also disclose information when required by law, valid legal process, or to protect the safety, property, or rights of Aetheris, our clients, or the public.

Depending on your state of residence, you may have the following rights regarding personal information we hold about you:

• Access: request a copy of the personal information we hold.
• Correction: ask us to correct inaccurate or incomplete information.
• Deletion: ask us to delete your personal information, subject to legal retention requirements (e.g. flight logs).
• Portability: receive your data in a structured, commonly used, machine-readable format.
• Opt-out of analytics: ask us to exclude your data from anonymised analytics; we will honour this on a forward-going basis where technically feasible.
• Non-discrimination: you will not receive discriminatory treatment for exercising any of these rights.

To exercise any of these rights, email info@aetherisintel.com with the subject line “Privacy Request”. We will respond within 30 days.

The portal uses cookies set by Supabase Auth to maintain your logged-in session. We do not use third-party advertising or cross-site tracking cookies. The marketing site uses Vercel Analytics (privacy-respecting, no cross-site tracking) if enabled. You can clear cookies in your browser at any time; doing so will sign you out of the portal but not affect data we already hold.

• All data is transmitted over TLS 1.2+ between you and our infrastructure.
• Account passwords are hashed by Supabase Auth using bcrypt-equivalent algorithms — we never see or store plaintext passwords.
• Database access is gated by Row-Level Security policies so logged-in clients can only access their own data.
• File storage uses signed URLs with limited validity; direct bucket access is not exposed.
• Stripe is PCI-DSS Level 1 certified; we never handle full card numbers ourselves.
• Internal access to client data is limited to Aetheris personnel on a need-to-know basis.

California, Virginia, Colorado, Connecticut, and Utah residents have specific rights under their state privacy laws. The rights listed in Section 5 are a superset of those required by these laws. We do not sell personal information, do not share personal information for cross-context behavioural advertising, and do not engage in targeted advertising. If you reside in one of these states and wish to exercise your statutory rights, contact us as described in Section 5; we will not require you to create an account to do so.

The Services are not directed at individuals under 18. We do not knowingly collect information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.

Aetheris operates from Missouri, USA. If you access the Services from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your country.

We may update this Privacy Policy from time to time. Material changes will be communicated by email to active clients or by a banner on the portal at least 14 days before they take effect.

Privacy inquiries: info@aetherisintel.com
Aetheris Intelligence, LLC · SW Missouri, USA