Privacy Policy

Comprehensive data protection and privacy rights for all Skynovay services and platforms

1. Introduction and Scope

Skynovay, Inc. ("Skynovay," "we," "us," or "our") is committed to protecting the privacy and security of personal information collected through our advanced drone detection systems, software platforms, mobile applications, websites, and related services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and protect personal information in accordance with applicable privacy laws, including but not limited to the General Data Protection Regulation ("GDPR"), California Consumer Privacy Act ("CCPA"), Virginia Consumer Data Protection Act ("VCDPA"), Colorado Privacy Act ("CPA"), Connecticut Data Privacy Act ("CTDPA"), Utah Consumer Privacy Act ("UCPA"), and other international data protection regulations.

This Privacy Policy applies to all individuals ("you" or "your") who interact with our Services, including but not limited to:

• Website visitors and prospective customers
• Current and former customers and their authorized users
• End users of our drone detection systems
• Partners, vendors, and service providers
• Job applicants and employees
• Anyone whose personal information is processed in connection with our Services

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information Directly Collected

We collect personal information directly from you when you:

• Create an account or register for our Services: Including name, email address, phone number, job title, company name, billing address, and authentication credentials
• Request information or demonstrations: Contact details, company information, use case requirements, technical specifications, and communication preferences
• Purchase or subscribe to our Services: Payment information (processed by third-party payment processors), billing details, tax identification numbers, and procurement-related documentation
• Communicate with us: Email correspondence, support ticket information, feedback, survey responses, and any other information you choose to provide
• Attend events or webinars: Registration information, dietary restrictions, accessibility needs, and networking preferences
• Apply for employment: Resume, cover letter, references, education history, employment history, and any other information submitted during the application process

2.2 Information Collected Through Our Services

When you use our drone detection systems and platforms, we collect:

• System Usage Data: Login times, feature usage patterns, configuration settings, alert preferences, dashboard interactions, and system performance metrics
• Detection and Incident Data: Drone detection events, threat assessments, incident reports, response actions, operational logs, and system health metrics
• Location and Site Data: GPS coordinates, site boundaries, sensor locations, coverage areas, and geofencing parameters (when provided or configured by you)
• Technical Metadata: IP addresses, device identifiers, browser types, operating systems, software versions, API usage logs, and error reports
• Communication Records: Support conversations, training session recordings (with consent), and documentation of technical assistance provided

2.3 Automatically Collected Information

We automatically collect certain information when you interact with our Services:

• Web Analytics: Page views, click paths, session duration, referral sources, search terms, and user behavior patterns
• Device and Browser Information: Screen resolution, time zone, language preferences, installed plugins, and accessibility settings
• Network and Security Information: Connection logs, security events, authentication attempts, and potential threats or vulnerabilities
• Performance Data: Load times, error rates, system availability, and quality of service metrics

2.4 Information from Third Parties

We may collect information about you from third-party sources, including:

• Business Partners: Integration partners, resellers, and technology vendors who refer customers or collaborate on implementations
• Data Enhancement Services: Professional contact verification, company information updates, and industry classification data
• Social Media Platforms: Public profile information when you engage with our content or mention our brand
• Security and Threat Intelligence: Information necessary to protect our Services and users from security threats
• Legal and Compliance Sources: Information required for legal compliance, such as sanctions screening or regulatory reporting

3. How We Use Your Information

3.1 Primary Business Purposes

We use personal information for the following primary business purposes:

• Service Delivery: Providing, maintaining, and improving our drone detection systems, software platforms, and related services
• Customer Support: Responding to inquiries, troubleshooting issues, providing technical assistance, and delivering training
• Account Management: Creating and managing user accounts, processing subscriptions, managing billing, and maintaining customer relationships
• Product Development: Researching and developing new features, improving existing functionality, and enhancing user experience
• Security and Safety: Protecting against fraud, abuse, security threats, and ensuring the integrity and reliability of our Services

3.2 Communications and Marketing

With appropriate consent or legitimate interest, we may use your information for:

• Transactional Communications: Service updates, security alerts, billing notifications, and important account information
• Marketing Communications: Product announcements, industry insights, educational content, event invitations, and promotional offers
• Customer Feedback: Surveys, interviews, and requests for testimonials or case studies
• Community Building: User forums, advisory groups, and industry networking opportunities

3.3 Legal and Compliance Purposes

We process personal information as necessary for:

• Legal Obligations: Complying with applicable laws, regulations, court orders, and governmental requests
• Contract Performance: Fulfilling our contractual obligations and protecting our contractual rights
• Dispute Resolution: Investigating and resolving disputes, claims, and legal proceedings
• Regulatory Compliance: Meeting industry-specific regulations, export controls, and security requirements
• Risk Management: Assessing and mitigating business risks, including financial, operational, and reputational risks

4. How We Share Your Information

4.1 Service Providers and Vendors

We share personal information with trusted service providers who assist us in operating our business:

• Cloud Infrastructure Providers: Amazon Web Services, Microsoft Azure, and Google Cloud Platform for hosting and data processing
• Payment Processors: Stripe, PayPal, and other payment services for billing and subscription management
• Customer Support Tools: Zendesk, Intercom, and similar platforms for managing customer communications
• Analytics and Marketing: Google Analytics, HubSpot, Salesforce, and other tools for business intelligence and marketing automation
• Professional Services: Legal, accounting, auditing, and consulting firms that provide specialized expertise
• Security Services: Cybersecurity vendors, penetration testing firms, and security monitoring services

4.2 Business Partners and Integrations

We may share information with business partners in the following circumstances:

• Technology Integrations: Sharing necessary data to enable integrations with SIEM, VMS, and other security systems
• Channel Partners: Working with authorized resellers and implementation partners to deliver services
• Joint Ventures: Collaborating on research, development, or market initiatives with strategic partners
• Industry Consortiums: Participating in industry groups, standards organizations, and threat intelligence sharing

4.3 Legal and Regulatory Disclosures

We may disclose personal information when required or permitted by law:

• Legal Process: In response to subpoenas, court orders, warrants, or other valid legal demands
• Government Agencies: To regulatory authorities, law enforcement, or other governmental entities as required
• National Security: In response to national security letters or other lawful government surveillance requests
• Public Safety: When we believe disclosure is necessary to protect public safety or prevent harm
• Legal Rights: To establish, exercise, or defend our legal rights or the rights of others

4.4 Business Transactions

In the event of a merger, acquisition, sale of assets, or other business transaction, personal information may be transferred as part of that transaction, subject to appropriate safeguards and notice requirements.

5. Data Security and Protection

5.1 Security Framework

We implement comprehensive security measures to protect personal information:

• Encryption: Data encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Role-based access controls, multi-factor authentication, and principle of least privilege
• Network Security: Firewalls, intrusion detection systems, and network segmentation
• Monitoring: 24/7 security monitoring, threat detection, and incident response capabilities
• Regular Assessments: Penetration testing, vulnerability assessments, and security audits

5.2 Compliance and Certifications

Our security practices align with industry standards and frameworks:

• SOC 2 Type II: Independently audited for security, availability, and processing integrity
• ISO 27001: Information security management system certification
• PCI DSS: Payment card industry data security standards compliance
• NIST Framework: Alignment with NIST Cybersecurity Framework guidelines
• FedRAMP: Working toward Federal Risk and Authorization Management Program compliance

5.3 Incident Response

In the event of a data security incident:

• Detection and Containment: Rapid identification and containment of security incidents
• Investigation: Thorough investigation to determine scope, cause, and impact
• Notification: Timely notification to affected individuals and regulatory authorities as required
• Remediation: Implementation of corrective measures and system improvements
• Documentation: Comprehensive documentation and lessons learned integration

6. Your Privacy Rights

6.1 General Rights

Depending on your location and applicable law, you may have the following rights:

• Right to Know: Request information about how we collect, use, and share your personal information
• Right to Access: Obtain copies of your personal information we maintain
• Right to Correct: Request correction of inaccurate or incomplete personal information
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: Opt out of the sale or sharing of personal information for targeted advertising
• Right to Portability: Receive your personal information in a structured, machine-readable format
• Right to Non-Discrimination: Protection from discriminatory treatment for exercising your privacy rights

6.2 GDPR-Specific Rights (EU/UK/EEA Residents)

If you are subject to GDPR protections, you also have:

• Right to Restrict Processing: Request limitation of how we process your personal information
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw previously given consent for specific processing activities
• Right to Lodge Complaints: File complaints with your local data protection authority
• Rights Related to Automated Decision-Making: Protection from solely automated decision-making with legal effects

6.3 How to Exercise Your Rights

To exercise your privacy rights:

1. Online Portal: Use our Privacy Rights Center at privacy.skynovay.com
2. Email Request: Send detailed requests to privacy@skynovay.com
3. Written Request: Mail requests to our Privacy Officer at the address provided below
4. Phone Support: Call our Privacy Hotline at +1-555-PRIVACY
5. Authorized Agent: Designate an authorized agent to make requests on your behalf

Response Timeframe: We will respond to privacy rights requests within 30 days (or as required by applicable law), with possible extensions of up to 60 additional days for complex requests.

7. International Data Transfers

7.1 Cross-Border Transfers

As a global company, we may transfer personal information across international borders for the purposes described in this Privacy Policy. We implement appropriate safeguards for all international transfers:

• Adequacy Decisions: Transfers to countries with adequate data protection as determined by relevant authorities
• Standard Contractual Clauses: European Commission-approved contracts for GDPR compliance
• Binding Corporate Rules: Internal policies ensuring consistent global data protection standards
• Certification Programs: Participation in frameworks like EU-U.S. Data Privacy Framework
• Technical Safeguards: Encryption, pseudonymization, and other technical measures

7.2 Data Processing Locations

We primarily process personal information in the following regions:

• United States: Primary data centers in Virginia, Oregon, and California
• European Union: Data centers in Ireland, Germany, and the Netherlands
• Asia-Pacific: Data centers in Singapore, Japan, and Australia
• Customer-Controlled Regions: On-premises or customer-specified cloud regions for enterprise customers

8. Data Retention and Deletion

8.1 Retention Principles

We retain personal information only as long as necessary for:

• Service Provision: Duration of your account and service usage
• Legal Obligations: Periods required by applicable laws and regulations
• Legitimate Business Interests: Reasonable periods for business, legal, or regulatory purposes
• Consent Duration: For the period specified when consent was obtained

8.2 Specific Retention Periods

• Account Information: Duration of active account plus 3 years after deactivation
• Transaction Records: 7 years from the date of transaction for tax and legal compliance
• Communication Records: 3 years from the date of communication
• Security Logs: 1 year from the date of creation, unless required for ongoing investigations
• Marketing Data: Until consent is withdrawn or 2 years of inactivity
• Job Application Data: 1 year from the completion of the hiring process

8.3 Deletion Procedures

When personal information is no longer needed:

• Automated Deletion: Systems automatically delete data according to retention schedules
• Secure Destruction: Data is securely destroyed using industry-standard methods
• Third-Party Notification: Service providers are notified to delete shared data
• Backup Purging: Data is removed from backup systems within reasonable timeframes
• Documentation: Deletion activities are logged and documented for compliance purposes

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for basic website functionality and security
• Performance Cookies: Collect information about website usage and performance
• Functional Cookies: Remember your preferences and settings
• Targeting/Advertising Cookies: Used for personalized advertising and marketing (with consent)

9.2 Other Tracking Technologies

• Web Beacons: Small images that track email opens and website visits
• Pixel Tags: Code that collects information about user interactions
• Session Storage: Temporary storage of information during your browsing session
• Local Storage: Persistent storage of preferences and settings
• Fingerprinting: Limited use for security and fraud prevention purposes only

9.3 Managing Cookie Preferences

You can control cookies through:

• Browser Settings: Configure cookie acceptance, blocking, and deletion
• Our Cookie Preference Center: Granular control over cookie categories
• Third-Party Opt-Outs: Use industry opt-out tools and mechanisms
• Do Not Track: We honor Do Not Track signals where technically feasible

10. Third-Party Services and Integrations

10.1 Integrated Third-Party Services

Our Services may integrate with or contain links to third-party services:

• SIEM Systems: Splunk, QRadar, ArcSight, and other security information platforms
• VMS Platforms: Milestone, Genetec, Avigilon, and video management systems
• Cloud Providers: AWS, Azure, Google Cloud, and other infrastructure services
• Identity Providers: Active Directory, Okta, Auth0, and single sign-on systems
• Communication Tools: Slack, Microsoft Teams, and collaboration platforms

10.2 Third-Party Data Processing

When you use third-party integrations:

• Separate Privacy Policies: Third parties have their own privacy policies and practices
• Data Sharing Controls: You control what information is shared with integrated services
• Integration Agreements: We enter into appropriate data processing agreements
• Security Requirements: Third parties must meet our security and privacy standards

11. Legal Compliance and Regulatory Framework

11.1 Applicable Laws and Regulations

Our privacy practices comply with numerous laws and regulations, including but not limited to:

• United States Federal Laws: CCPA, VCDPA, CPA, CTDPA, UCPA, COPPA, FERPA, HIPAA (where applicable), and Gramm-Leach-Bliley Act
• International Regulations: GDPR (EU), LGPD (Brazil), PIPEDA (Canada), Privacy Act (Australia), and PDPA (Singapore)
• Sector-Specific Regulations: FISMA, NIST frameworks, aviation regulations, and critical infrastructure protection requirements
• Industry Standards: ISO 27001, SOC 2, PCI DSS, and other relevant security and privacy frameworks

11.2 Government and Enterprise Customers

For government and enterprise customers, we provide additional compliance support:

• FedRAMP Compliance: Working toward authorization for U.S. federal government customers
• ITAR Compliance: International Traffic in Arms Regulations compliance for defense applications
• Data Residency: Ensuring data stays within specified geographic boundaries
• Audit Support: Comprehensive audit trails and compliance reporting
• Custom Agreements: Tailored data processing agreements and privacy terms

12. Children's Privacy

Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. Parents or guardians who believe we may have collected information from their child should contact us immediately at privacy@skynovay.com.

13. Accessibility and Inclusive Design

We are committed to making our privacy practices accessible to all individuals:

• Document Accessibility: This Privacy Policy is available in multiple formats and languages
• Alternative Communication: Privacy rights requests can be made through various channels
• Assistive Technology: Our websites and services support screen readers and other assistive technologies
• Plain Language: We strive to use clear, understandable language in our privacy communications

14. Policy Updates and Changes

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. When we make material changes:

• Notice: We will provide advance notice through email, website notifications, or in-product messaging
• Effective Date: Changes become effective on the date specified in the updated policy
• Version Control: Previous versions are archived and available upon request
• Consent: For material changes requiring consent, we will obtain appropriate permissions

Change History: A summary of significant changes made to this Privacy Policy is maintained and available upon request.

15. Contact Information and Privacy Officer

For privacy-related questions, concerns, or rights requests, please contact us:

Privacy Officer:
Skynovay, Inc.
123 Innovation Way, Suite 100
San Francisco, CA 94105
United States

Email: privacy@skynovay.com
Privacy Hotline: +1-555-PRIVACY (+1-555-774-8229)
Online Portal: privacy.skynovay.com

EU Representative:
Skynovay Europe GDPR Services
45 Tech Hub Street
London SW1A 1AA
United Kingdom
Email: gdpr-eu@skynovay.com

Data Protection Officer (DPO):
Email: dpo@skynovay.com
Phone: +1-555-DPO-HELP

16. Definitions and Glossary

Personal Information: Information that identifies, relates to, describes, or is capable of being associated with a particular individual.

Processing: Any operation performed on personal information, including collection, use, storage, disclosure, and deletion.

Controller: The entity that determines the purposes and means of processing personal information.

Processor: An entity that processes personal information on behalf of a controller.

Consent: Freely given, specific, informed, and unambiguous indication of agreement to processing of personal information.

Legitimate Interest: A lawful basis for processing when we have a valid business reason that doesn't override individual privacy rights.

17. Acknowledgment and Agreement

By using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. You understand that we will collect, use, and disclose your personal information in accordance with this Policy and applicable law. If you do not agree with any part of this Policy, please discontinue use of our Services.

This Privacy Policy represents the complete and exclusive statement of our privacy practices and supersedes all previous privacy policies, statements, or representations regarding our collection, use, and disclosure of personal information.

This Privacy Policy is effective as of the date listed above and will remain in effect until superseded by a revised version. We encourage you to periodically review this Policy to stay informed about how we protect your privacy.