1. Who we are
This site (dronehub.ai) is operated jointly by two affiliated entities:
- Dronehub Inc. — a Delaware C-Corporation, USA. Primary entity for US-side contracting, SBIR/STTR engagements, and customer relationships originating in the United States.
- Dronehub Sp. z o.o. — a limited-liability company registered in Poland (Jasionka 954E, 36-002 Jasionka). Primary entity for EU engineering, manufacturing, and customer relationships originating in the European Union.
Either entity may act as data controller depending on which one you contact and for what purpose. For all routine privacy requests, reach .
2. What we collect
We aim to collect the minimum personal data necessary to respond to inbound inquiries and operate the website.
Contact-form submissions. When you submit the contact form, we receive the fields you fill in — typically your name, email address, optional company name, the subject category you selected, and the message you wrote. We also record the time of submission for audit purposes.
Server logs. Like virtually any web server, ours records request metadata (IP address, user agent, page URL, timestamp) for security and operational diagnostics. These logs rotate on a short cycle and are not used for analytics or profiling.
What we don't collect. We do not run third-party analytics (no Google Analytics, no Meta pixel, no Hotjar, no equivalents). We do not run advertising trackers. We do not set non-essential cookies. We do not build profiles of visitors.
3. Why we collect it
The lawful bases under GDPR Article 6 are:
- Consent (Art. 6(1)(a)). When you submit the contact form, you affirmatively send us your message. That is the consent.
- Legitimate interest (Art. 6(1)(f)). Server logs and basic operational security fall under our legitimate interest in operating a secure, available website.
- Legal obligation (Art. 6(1)(c)). Where law requires us to retain records — for example, contract or tax law in either jurisdiction — we comply with that obligation.
4. Who processes it on our behalf
Where we use a third party to deliver a service, we use one that offers a defensible privacy posture appropriate to the data involved.
Email delivery. Contact-form messages are relayed to our inbox by Resend (resend.com), an email-API provider. Resend processes the submission contents only to deliver the email and is bound by a data processing agreement. Resend operates EU-region infrastructure and is GDPR-compliant.
Hosting. The website itself is hosted on infrastructure inside the European Union and the United States. No part of the data path passes through hyperscalers in adversarial jurisdictions.
No data sales. We do not sell, rent, lease, or barter your personal data with anyone. We do not share it with third-party marketers.
5. Where we store it and for how long
Personal data submitted via the contact form is stored on infrastructure inside the European Union and the United States. We do not transfer your data to jurisdictions outside the EU/US.
Retention. We keep contact-form submissions for as long as the business purpose requires — typically two to three years after the last interaction — and then delete them. If our business relationship matures into a contract, we keep records under the retention rules of the applicable contract, commercial, and tax law (typically up to ten years).
6. Your rights
If you are in the European Economic Area, the United Kingdom, Switzerland, or any jurisdiction that grants equivalent rights (including the State of California), you have the following rights regarding your personal data:
- Access — a copy of the personal data we hold on you.
- Rectification — correction of inaccurate or incomplete data.
- Erasure — deletion of your data, subject to legal-retention obligations.
- Restriction — limiting how we process your data while a request is pending.
- Portability — a structured, commonly used, machine-readable copy of the data you submitted.
- Objection — to processing based on legitimate interest, on grounds related to your particular situation.
- Withdraw consent — at any time, without prejudice to past processing.
- Complaint — you may complain to your local data-protection authority. In Poland this is the Personal Data Protection Office (UODO).
To exercise any of these rights, write to . We will respond within thirty days and ask only for the information needed to identify you and complete the request.
7. Cookies
We use only essential cookies — typically a session cookie that keeps the site working, and short-lived cookies set by the framework that runs the site. We do not set advertising or analytics cookies. There is no cookie consent banner because none is required for strictly-essential cookies under EU law.
8. Children
The site is not intended for use by children under sixteen, and we do not knowingly collect personal data from them. If you believe we have collected data from a child, write to us and we will delete it.
9. Security
We apply reasonable technical and organizational measures to protect personal data: encrypted transport (HTTPS site-wide), access controls on backend systems, segregated environments for development and production, and routine security review of the stack. No system is perfectly secure, but our default posture is defense-in-depth.
10. Changes to this policy
If we change how we handle personal data, we will update this page and revise the “Last updated” date. Material changes will be highlighted clearly. We recommend a quick review when the page changes.