Privacy Policy
Last updated:
1. Who we are
Airship Site Designer is operated by [Company name] (“we”, “us”), the data controller for the personal data described here. Registered at [address], United Kingdom. Privacy contact: [privacy@yourdomain].
2. What we collect
| Data | Why | Lawful basis |
|---|---|---|
| Account email & password (passwords are hashed, never stored in plain text) | Create and secure your account, sign you in | Contract |
| Designs & uploaded content (site boundaries, layouts, survey images, 3D models, project names) | Provide the Service and save your work | Contract |
| Workspace & team data (members, roles, plan) | Team and billing features | Contract |
| Billing data (handled by Stripe; we store subscription status, not card numbers) | Take payment for paid plans | Contract |
| Addresses/postcodes you search in Map mode | Find and show map imagery to trace | Legitimate interests |
| Basic usage & technical data (e.g. sign-in times, errors) | Run, secure and improve the Service | Legitimate interests |
We do not intentionally collect special-category data. Please don’t put personal data into design/object names unnecessarily.
3. Processors & third parties
We share data with service providers who process it on our behalf, or whose services you invoke:
- Supabase — hosting, database, authentication and file storage (region: EU/UK where configured).
- Stripe — payment processing (your card details go directly to Stripe; we don’t see them).
- Esri — aerial/street map imagery tiles used in Map mode.
- OpenStreetMap / Nominatim and postcodes.io — geocoding the address/postcode you enter.
When you use Map mode, the address or postcode you type is sent to the relevant geocoding/map provider to return results. We don’t sell your personal data.
4. Cookies & local storage
We use essential browser storage only — to keep you signed in, remember your theme (light/dark) and, in local mode, store designs on your device. We don’t use advertising cookies.
5. Where data is stored
Data is stored with our processors, which may process it in the UK, EEA or elsewhere. Where data leaves the UK/EEA, we rely on appropriate safeguards (e.g. UK IDTA / Standard Contractual Clauses).
6. Retention
We keep account and design data for as long as your account is active, then delete or anonymise it within a reasonable period after closure, unless we must keep it for legal, tax or security reasons. You can delete designs at any time; deleting your account removes your workspace and designs.
7. Your rights
Under UK GDPR you can request access, correction, deletion, restriction or portability of your personal data, and object to certain processing. To exercise these, email [privacy@yourdomain]. You can also complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.
8. Security
We use industry-standard measures including encryption in transit, hashed passwords, row-level access controls and access restricted to authorised admins. No system is perfectly secure, but we take protecting your data seriously.
9. Children
The Service is not intended for anyone under 18 and we don’t knowingly collect their data.
10. Changes
We may update this policy; we’ll post the new version here and update the date above, and notify you of material changes where appropriate.
11. Contact
Privacy questions or requests: [privacy@yourdomain].