Privacy Policy

Last updated: 16 April 2026

Terasor ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal data when you use our website, mobile applications and marketplace services.

By using Terasor, you consent to the practices described in this Privacy Policy. Please read this policy carefully and contact us if you have any questions.

1. DATA CONTROLLER

  • 1.1 Terasor is the data controller responsible for your personal data.
  • 1.2 Terasor is a UK-based company. For data protection enquiries, contact our privacy team.
  • 1.3 We are registered with the UK Information Commissioner's Office (ICO) as required by data protection legislation.

2. INFORMATION WE COLLECT

We collect information in the following ways:

Information you provide directly

  • Account registration details (name, email address, phone number)
  • Profile information (profile photo, bio, equipment details for Pilots)
  • Identity verification documents (where required)
  • Payment information (processed securely by Stripe)
  • Communications with us or other users via the Platform
  • Charter request details and job descriptions
  • Reviews and ratings

Information collected automatically

  • Device information (device type, operating system, unique device identifiers)
  • Log data (IP address, browser type, pages visited, time and date of visits)
  • Location data (with your consent, for finding nearby charters or Pilots)
  • Usage data (features used, actions taken, preferences)
  • Cookies and similar tracking technologies

Information from third parties

  • Social login providers (Google, Apple, Facebook) if you choose to sign in this way
  • Payment processors (Stripe) for transaction verification
  • Identity verification services
  • Public databases for fraud prevention
  • Sanctions screening databases and politically exposed persons (PEP) lists
  • Anti-money laundering (AML) verification services

3. HOW WE USE YOUR INFORMATION

  • 3.1 To provide and operate the Terasor marketplace:
    • Create and manage your account
    • Connect Clients with Pilots
    • Process payments and payouts
    • Enable messaging between users
    • Facilitate dispute resolution
  • 3.2 To improve and personalise your experience:
    • Recommend relevant charters or Pilots
    • Analyse usage patterns to improve features
    • Conduct research and analytics
  • 3.3 To communicate with you:
    • Send transactional emails (booking confirmations, payment receipts)
    • Send service updates and announcements
    • Send marketing communications (with your consent)
    • Respond to your enquiries and support requests
  • 3.4 To ensure safety and security:
    • Verify user identities
    • Detect and prevent fraud
    • Enforce our Terms and Conditions
    • Protect the rights and safety of users
  • 3.5 To comply with legal obligations:
    • Respond to lawful requests from authorities
    • Meet tax and regulatory requirements
    • Establish, exercise or defend legal claims
  • 3.6 To prevent financial crime and comply with sanctions:
    • Conduct anti-money laundering (AML) and know-your-customer (KYC) checks
    • Screen users against sanctions lists (HM Treasury, OFAC, EU, UN)
    • Detect and report suspicious transactions
    • Comply with financial crime reporting obligations

4. LEGAL BASIS FOR PROCESSING (GDPR)

Under the UK GDPR and EU GDPR, we process your data based on the following legal grounds:

  • 4.1 Contract: Processing necessary to perform our contract with you (providing the marketplace service).
  • 4.2 Legitimate interests: Processing necessary for our legitimate business interests (fraud prevention, platform security, service improvement) where these don't override your rights.
  • 4.3 Consent: Where you have given clear consent for specific purposes (marketing communications, location tracking, cookies).
  • 4.4 Legal obligation: Processing necessary to comply with laws and regulations.

5. SHARING YOUR INFORMATION

  • 5.1 We share your information only as described in this policy. We do not sell your personal data to third parties.
  • 5.2 We share information with other users where necessary for the Platform to function:
    • Clients see Pilot usernames, ratings, profile photos and bid descriptions
    • Pilots see Charter details and the Client's general territory
  • 5.3 We may also share information:
    • When required by law or valid legal process
    • To protect our rights, property or safety, or the safety of users
    • In connection with a merger, acquisition or sale of assets (you will be notified in advance)
    • With your explicit consent

5A. THIRD-PARTY SUB-PROCESSORS

To operate the Platform, we share certain data with the following third-party service providers ("sub-processors"). Each is bound by appropriate data processing agreements and provides adequate protection for your data.

ProviderPurposeData sharedLocation
StripePayment processing, escrow, Pilot payouts (Stripe Connect)Name, email, payment method details, transaction amounts, Pilot bank account detailsUSA (SCCs in place)
SupabaseDatabase hosting, authentication, realtime infrastructureAll account and platform data (profiles, charters, bids, reviews, messages)EU / USA (SCCs in place)
Bunny.netFile storage and CDN delivery for deliverables, charter images and media contentUploaded files (drone footage, images, documents); access tokens; file metadataEU and global CDN edge nodes
Cloudflare StreamLive video ingest, transcoding and HLS playback for Livestream chartersLive video stream data; stream metadata (charter ID, pilot ID); recording filesUSA and global edge network
Fly.ioRTMP relay server for livestream video routing from pilot devices to CloudflareLive video stream; short codes used to identify active sessionsUSA / global
VercelWeb application hosting and deploymentWeb traffic logs, IP addresses, request metadataUSA and global edge network
Firebase (Google)Push notifications to Android and iOS devicesDevice push tokens; notification content (charter updates, bid alerts)USA (SCCs in place)
Apple Push Notification Service (APNs)Push notifications to iOS devicesDevice push tokens; notification contentUSA
Expo (Expo Push Service)Push notification routing for development and Expo-managed buildsDevice push tokens; notification payloadsUSA
Google MapsLocation search, geocoding and map displayLocation coordinates; address search queriesUSA (SCCs in place)
ip-api.comIP geolocation to suggest your territory on first registrationIP address (used once; not stored by Terasor beyond initial detection)USA
SendGrid (Twilio)Transactional email delivery (booking confirmations, notifications, support replies)Email address; email contentUSA (SCCs in place)
Amazon IVS (Amazon Web Services)Real-time audio back-channel during Livestream charters (client-to-pilot voice)Audio stream; session tokensUSA (SCCs in place)
YouTube / VimeoEmbedded video players in blog and Discover contentIP address; browser/device data (via iframe embed — governed by their own privacy policies)USA
jsDelivr CDN (Pannellum)360° panorama viewer for Discover contentIP address; browser/device data (CDN request logs)Global CDN

SCCs = Standard Contractual Clauses approved by the European Commission, providing appropriate safeguards for transfers outside the UK/EEA. We review our sub-processor list regularly. If you have questions about a specific provider, contact our privacy team.

6. LAW ENFORCEMENT AND GOVERNMENT REQUESTS

  • 6.1 Terasor may disclose personal data in response to valid legal process, including court orders, subpoenas, search warrants, national security letters, and regulatory requests from government agencies.
  • 6.2 The types of data that may be disclosed include: account registration details, profile information, Charter details and history, geolocation data and timestamps, messaging transcripts, payment and transaction records, Deliverables metadata (not content unless specifically required), device and access logs, and IP addresses.
  • 6.3 Where permitted by law and not prohibited by a court order or legal restriction, Terasor will make reasonable efforts to notify affected users before disclosing their data. However, we may not always be able to provide advance notice.
  • 6.4 Terasor evaluates government requests on a case-by-case basis and may challenge requests that we believe are overly broad, legally deficient, or inconsistent with applicable law.

7. DRONE FOOTAGE AND DATA SUBJECTS

  • 7.1 Drone footage captured through the Platform may contain images of identifiable individuals who are not users of the Platform ("data subjects in footage"). Terasor does not control the content of footage captured by Pilots.
  • 7.2 Clients commissioning Charters that will deliberately capture footage of identifiable individuals are responsible for: (a) informing those individuals that filming will take place; (b) obtaining any required consent under applicable data protection law; and (c) complying with any applicable CCTV, surveillance, or drone filming regulations in the relevant jurisdiction.
  • 7.3 Pilots must comply with applicable privacy and data protection laws when operating drones, including any requirements to display signage, provide notice, or avoid capturing footage of private property where not authorised.
  • 7.4 If you believe that footage on the Platform contains your image or personal data without your consent, you may submit a removal request to Terasor. We will review such requests in accordance with applicable data protection law and may require the uploader to remove or blur the relevant content.

8. INTERNATIONAL DATA TRANSFERS

  • 8.1 Terasor operates globally and may transfer your data to countries outside the UK and European Economic Area (EEA).
  • 8.2 When we transfer data internationally, we ensure appropriate safeguards are in place:
    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Adequacy decisions where the destination country provides adequate protection
    • Other legally approved transfer mechanisms
  • 8.3 Contact us if you would like more information about the safeguards we use.

9. DATA RETENTION

  • 9.1 We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected.
  • 9.2 Retention periods vary based on:
    • Active accounts: Data retained while your account is active
    • Transaction records: 7 years for tax and legal compliance
    • Dispute records: 6 years from resolution
    • Marketing preferences: Until you withdraw consent
  • 9.3 When data is no longer needed, we securely delete or anonymise it.

10. YOUR RIGHTS

Under data protection law, you have the following rights:

  • 10.1 Right of access: Request a copy of the personal data we hold about you.
  • 10.2 Right to rectification: Request correction of inaccurate or incomplete data.
  • 10.3 Right to erasure: Request deletion of your data in certain circumstances ("right to be forgotten").
  • 10.4 Right to restrict processing: Request that we limit how we use your data.
  • 10.5 Right to data portability: Request your data in a machine-readable format.
  • 10.6 Right to object: Object to processing based on legitimate interests or for direct marketing.
  • 10.7 Rights related to automated decisions: Not be subject to decisions based solely on automated processing that significantly affect you.
  • 10.8 Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact our privacy team. We will respond within 30 days.

11. COOKIES AND TRACKING TECHNOLOGIES

  • 11.1 We use cookies and similar technologies to:
    • Keep you signed in
    • Remember your preferences
    • Understand how you use the Platform
    • Deliver relevant advertising (with consent)
    • Prevent fraud
  • 11.2 Types of cookies we use:
    • Essential cookies: Required for the Platform to function
    • Analytics cookies: Help us understand usage patterns
    • Functional cookies: Remember your preferences
    • Marketing cookies: Used to deliver relevant ads (with consent)
  • 11.3 You can manage cookie preferences through your browser settings or our cookie consent tool.

12. DATA SECURITY

  • 12.1 We implement appropriate technical and organisational measures to protect your data, including:
    • Encryption of data in transit and at rest
    • Secure servers and infrastructure
    • Access controls and authentication
    • Regular security assessments
    • Staff training on data protection
  • 12.2 Payment data is handled by Stripe, a PCI DSS Level 1 certified payment processor.
  • 12.3 While we take security seriously, no system is completely secure. Please keep your account credentials safe.

13. CHILDREN'S PRIVACY

  • 13.1 Terasor is not intended for users under 18 years of age.
  • 13.2 We do not knowingly collect personal data from children.
  • 13.3 If we discover that we have collected data from a child, we will delete it promptly.

14. THIRD-PARTY LINKS

  • 14.1 The Platform may contain links to third-party websites or services.
  • 14.2 We are not responsible for the privacy practices of these third parties.
  • 14.3 We encourage you to read the privacy policies of any third-party sites you visit.

15. CHANGES TO THIS POLICY

  • 15.1 We may update this Privacy Policy from time to time.
  • 15.2 We will notify you of material changes by email or through the Platform.
  • 15.3 The "Last updated" date at the top of this page indicates when the policy was last revised.
  • 15.4 Continued use of the Platform after changes constitutes acceptance of the updated policy.

16. COMPLAINTS

  • 16.1 If you have concerns about how we handle your data, please contact our privacy team first.
  • 16.2 You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO):

17. CONTACT US

  • 17.1 For any questions about this Privacy Policy or your personal data, contact us at:

Contact Privacy Team

Related Policies