Privacy Policy

Last updated: April 6, 2026  |  Effective: April 6, 2026

1. Who We Are

DroneCommand^™ is the brand name under which Country Road Drone Services, LLC, an Iowa limited liability company ("we," "us," or "our"), operates. References to "DroneCommand," "we," "us," or "our" throughout this Privacy Policy refer to Country Road Drone Services, LLC d/b/a DroneCommand. We are an agricultural drone operations management software company based in Smithland, Iowa. We operate the DroneCommand platform at dronecommand.online and provide spray operations management software to agricultural drone operators nationwide.

2. What This Policy Covers

This Privacy Policy applies to two distinct contexts:

• Website visitors — anyone who visits dronecommand.online, views our marketing pages, or contacts us through our website
• Platform subscribers — businesses and individuals who purchase and use the DroneCommand software platform

The types and volume of information collected differ significantly between these two contexts, as described below.

3. Information We Collect

3a. Website Visitors

When you visit our marketing website without creating an account, we collect only information you voluntarily provide, such as:

• Name, email address, and phone number (if you submit a contact or trial request form)
• Operation size, acreage, and team size (if provided in a trial or inquiry form)
• General information about your operation or service needs

If you begin the checkout process but do not complete your purchase, we may retain your name, email address, and selected plan to follow up on your inquiry. This information is stored only for the purpose of completing your signup and is not shared with third parties for marketing purposes.

We do not use advertising pixels, behavioral tracking cookies, or third-party analytics tools designed to identify individual visitors. Infrastructure providers such as font delivery services may receive standard technical data such as IP addresses as a byproduct of page loading.

3b. Platform Subscribers

When you use the DroneCommand platform, we collect substantially more information to operate the service. This includes:

Account and identity information:

• Full name, email address, phone number, and mailing address
• Username and encrypted password
• Profile photo (if uploaded)
• Role and permission level within your organization

Business operational data:

• Customer names, addresses, and contact information
• Field names, GPS polygon boundaries, and centroid coordinates
• Reverse-geocoded field addresses, counties, and states
• Spray job records including dates, times, acreage, and completion status
• Photographs uploaded during spray jobs, which may include GPS coordinates embedded in image metadata
• Chemical product names, EPA registration numbers, application rates, and total amounts applied
• Target pest, crop, and treated site information
• Weather conditions recorded at time of application
• Mix formulas, batch sizes, and inventory transactions
• Customer invoices, billing rates, and payment records

Personnel and credential data:

• Pilot names and contact information
• FAA Part 107 certificate numbers
• State pesticide applicator license numbers and expiration dates
• Other professional credentials and certifications uploaded to the platform
• Time clock records, hours worked, overtime, and break data
• Per-pilot pay rates, commission rates, commission structures, pay rate history, and deferred incentive agreement terms (retained for a minimum of four years following termination of the employment or contractor relationship, as required by applicable federal and state wage/hour record-keeping laws)
• Payroll export data

Platform subscribers are responsible for obtaining any legally required consent from their employees and contractors prior to using the DroneCommand platform to track, record, or process their location data, flight paths, time records, or other personal information. DroneCommand processes this data as a service provider acting on the subscriber's instructions; the subscriber is the data controller for employee and contractor personal data under applicable employment privacy laws. If your jurisdiction requires employee notice or consent for geolocation monitoring (including GPS flight path logging), you are responsible for compliance. We recommend consulting legal counsel regarding applicable employee monitoring laws in your state and the states where your pilots operate.

Drone and aircraft data:

• Aircraft names, manufacturer, model, and serial numbers
• FAA N-numbers (registration numbers)
• FAA Remote ID serial numbers
• Flight log data imported from DJI or XAG systems, including flight paths, timestamps, spray amounts, and operational parameters

Payment information:

• Billing name, address, and contact details
• Payment card information — collected and processed directly by Stripe, Inc. We do not store full card numbers on our systems.
• Subscription plan, billing cycle, and transaction history

Technical and usage data:

• IP address and approximate geographic location
• Browser type and version
• Pages accessed and features used within the platform
• Session timestamps and activity logs
• Error logs and performance data

4. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the DroneCommand platform
• Process subscription payments and manage your account
• Generate spray records, reports, invoices, and operational documents
• Send transactional communications (account confirmations, invoices, expiration alerts, support responses)
• Respond to inquiries and provide customer support
• Improve platform features and fix bugs using anonymized, aggregated usage data
• Detect and prevent fraudulent or unauthorized access
• Meet applicable legal obligations

We may also use anonymized, aggregated, non-identifiable data derived from platform usage across all subscribers for product improvement, analytics, and research purposes. This aggregate data cannot be used to identify you or your organization.

We do not use your data for advertising or sell it to third parties.

5. Third-Party Service Providers

We work with the following categories of third-party service providers who may process data on our behalf in order to operate the platform. These providers are contractually required to protect your data and may only use it for the purposes we specify.

• Payment processing: Stripe, Inc. — processes subscription payments and stores payment card data. Subject to Stripe's own Privacy Policy.
• Email delivery: A transactional email provider is used to send platform notifications, reports, and invoices. Email content may include spray records and operational data.
• SMS delivery (Twilio): If SMS notifications are enabled for your account, phone numbers and notification content are transmitted to Twilio, Inc. for delivery. Subject to Twilio's Privacy Policy.
• Mapping and geospatial data: Map tile providers and USGS services are used to display field maps and retrieve elevation data. Field boundary coordinates may be transmitted to these services to render maps.
• DriftWatch and Iowa BeeCheck: Field location data (coordinates) is transmitted to these services to retrieve nearby sensitive site information. Subject to their respective privacy policies.
• WxBrief: If you use the weather briefing integration, flight location and operational parameters are transmitted to WxBrief using credentials you provide. Subject to WxBrief's Privacy Policy.
• FAA NOTAM systems: If you use the NOTAM filing feature, operational data including location, altitude, and time parameters is submitted to FAA systems using your credentials.
• DJI and XAG: If you use the flight log import feature, flight data is retrieved from DJI or XAG cloud systems using credentials you provide. We do not control the data practices of DJI or XAG.
• QuickBooks / Intuit: If you enable the QuickBooks integration, customer and invoice data is transmitted to Intuit's systems. Subject to Intuit's Privacy Policy. You may disconnect this integration at any time.
• Cloud hosting: Our platform runs on cloud infrastructure. Your data is stored on servers located in the United States.

Once your data has been transmitted to a third-party service provider pursuant to an integration you have authorized, that provider is primarily responsible for the security of your data within its own systems. We are not liable for data breaches, outages, unauthorized disclosures, or policy changes that occur within third-party systems, except to the extent caused by our own negligent configuration of the integration, failure to transmit data using industry-standard encryption, or selection of a provider with known security deficiencies of which we were aware at the time of integration. If a third-party integration experiences a data breach affecting your information, we will notify you as required by applicable law and cooperate with the provider's incident response.

6. Data Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• With your authorization: When you explicitly enable a third-party integration (such as QuickBooks) or instruct us to share records with a third party
• Within your organization: Users within the same tenant account may view data according to the role-based permission system you configure
• Service providers: As described in Section 5, with vendors who process data solely to operate the platform on our behalf
• Legal requirements: When required by law, court order, or government authority
• Protection of rights: When necessary to protect the safety, rights, or property of DroneCommand, our users, or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified before your data is transferred and becomes subject to a different privacy policy
• DroneCommand administrative access: DroneCommand officers, employees, and authorized agents ("administrative staff") may access tenant data for the purposes of providing customer support, troubleshooting, security investigation, or fulfilling legal obligations. Such access is subject to internal access controls and limited to authorized personnel only. The scope of "administrative staff" is the same as the indemnified parties in our Terms of Service §13 and EULA §12. We do not access tenant data for any other purpose.

7. Cookies and Session Data

The DroneCommand marketing website does not use advertising cookies or tracking pixels.

The DroneCommand platform uses strictly necessary session cookies to authenticate your login and maintain your session while you use the software. These cookies are essential for the platform to function and cannot be disabled while using the service. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies within the platform.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

• Account data is retained for the duration of your active subscription and for a minimum of 30 days following cancellation to allow you to export your data.
• Spray application records are retained for a minimum of three years from the date of application, even after account cancellation, to support operator record-keeping needs. Following the expiration of the three-year retention period, spray records will be securely deleted or anonymized within 90 days — except where a legal hold is in effect per Terms of Service §11, a subpoena or court order requires retention, or a regulatory investigation is ongoing, in which case records are retained until the matter is fully resolved and a written release is provided, or until 5 years from the application date, whichever date is later.
• Payment records are retained as required by applicable tax and financial reporting obligations.
• Pilot and operator personal data (flight logs, time records, and credentials) tied to individuals who are not account holders is retained for the duration of the subscriber's active account and deleted within 90 days following account termination, except where retention is required by law (including the four-year wage and hour retention period for pay records) or a legal hold is in effect.
• Contact and inquiry records from the marketing website are retained for as long as reasonably necessary to respond to and follow up on your inquiry.

After applicable retention periods expire, data is securely deleted or anonymized.

9. Data Security

We implement reasonable technical and organizational measures to protect your data, including encrypted data transmission (HTTPS/TLS), access controls, and tenant data isolation. Each subscriber organization's data is logically separated from other organizations within the platform.

No system is perfectly secure. We cannot guarantee absolute security against all threats. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users by email without unreasonable delay and in no case later than 30 days following our discovery of the breach, or within the timeframe required by applicable state law if shorter. "Discovery" means the date we have reasonable grounds to believe that unauthorized access to, or disclosure of, personal information has occurred — including through anomalous access patterns, third-party reports, or security monitoring alerts, whether or not the breach has been fully confirmed. Notification will describe the nature of the breach, the categories of data affected, the approximate date of the breach, the steps we are taking to address it, and any recommended actions for you. Where the law of an affected resident's state requires notification sooner than 30 days, we will comply with that shorter requirement. Where a breach affects California residents and involves unencrypted or unredacted personal information, we will provide notification to the California Attorney General as required by California Civil Code §1798.82.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to retention requirements described in Section 8
• Portability: Export your operational data (spray records, field data, etc.) using the export features built into the platform
• Objection: Object to certain processing of your personal information

To exercise any of these rights, contact us at [email protected]. We will respond within 45 days of receiving your request. Where reasonably necessary, we may extend this period by an additional 45 days and will notify you of the extension before the initial period expires.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

• Right to know: The categories and specific pieces of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it
• Right to delete: Request deletion of your personal information, subject to legal retention requirements. Note: spray application records are subject to a minimum three-year retention period under applicable state pesticide applicator record-keeping laws and cannot be deleted prior to the expiration of that period. All other personal information will be deleted upon request unless another legal basis for retention applies.
• Right to correct: Request correction of inaccurate personal information we hold about you
• Right to limit use of sensitive personal information: Request that we limit our use of sensitive personal information (such as pilot license numbers, financial data, and precise geolocation data) to what is necessary to provide the service
• Right to opt out of sale: We do not sell personal information
• Right to non-discrimination: We will not discriminate against you for exercising any of these rights

Categories of personal information we collect include: identifiers (name, email, phone, address, IP address); professional or employment information (credentials, license numbers, pay rates); financial information (payment records, commission data); geolocation data (GPS field coordinates); and other commercial information (operational records, spray records). We collect this information to provide, operate, and improve the DroneCommand platform as described in this policy. To submit a CCPA/CPRA request, contact us at [email protected].

12. Children's Privacy

The DroneCommand platform is intended for use by adults operating agricultural businesses in the United States. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have inadvertently collected information from a minor, we will delete it within 30 days of discovery and notify the account holder. If you are located outside the United States, the platform is not intended for your use and we do not direct our services to non-US residents; by using the platform outside the US, you acknowledge that your data will be processed in the United States under US law.

13. Dispute Resolution

Any dispute arising from or related to this Privacy Policy — including claims about how we collect, use, share, or retain your personal information — is subject to the Dispute Resolution provisions in our Terms of Service (Section 16) and End-User License Agreement (Section 15), including binding arbitration, class action waiver, and opt-out rights. Please read those provisions before using the platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes that affect how we handle your data, we will provide notice by email and in-platform notification at least 30 days before the changes take effect. For changes affecting how we handle personal information that we have already collected, we will seek your affirmative consent before applying the new practices to that existing information. For changes that affect only information collected after the effective date, your continued use of the platform after the effective date constitutes acceptance of the updated policy. If you do not accept material changes, you may delete your account and request deletion of your personal information in accordance with Section 11.

15. Contact Us

For questions about this Privacy Policy or how we handle your information:

• Company: DroneCommand^™, LLC
• Address: 3308 330th St, Smithland, IA 51056
• Phone: 712-420-0871
• Email: [email protected]

← Back to DroneCommand