The Drone Rules
← Back to SkyRule

Privacy Policy

Last updated: 26 May 2026

SkyRule is operated by The Drone Rules Ltd. This Privacy Policy explains how we collect, use, store and protect personal information when you use SkyRule, including our website, dashboard, map tools, learning tools, account features, email communications and future SkyRule services.

SkyRule is designed to help drone users understand rules, restrictions and pre-flight considerations in plain English. It is not intended to replace official aviation sources, legal advice, professional operational planning or the remote pilot's own responsibility.

Service: SkyRule
Company: The Drone Rules Ltd
Contact: contact@skyrule.app
Registered office: Suite 211, 266 Banbury Road, Oxford, Oxfordshire, OX2 7DL

1. Who we are

For UK data protection purposes, the controller of your personal data is The Drone Rules Ltd. Registered office: Suite 211, 266 Banbury Road, Oxford, Oxfordshire, OX2 7DL. Privacy contact: contact@skyrule.app.

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us using the email address above.

2. Personal data we collect

2.1 Account information

When you create or use an account, we may collect:

  • name;
  • email address;
  • login/authentication information;
  • profile information you choose to provide;
  • account status;
  • communication preferences;
  • whether you have an Operator ID or Flyer ID;
  • Operator ID or Flyer ID numbers if we add fields for those details.

When we collect actual Operator ID or Flyer ID numbers, we will treat them as sensitive operational information and apply stronger protections, including database-level encryption where appropriate.

2.2 Location information

SkyRule may ask for access to your device location when you use map or location-checking features. In the current implementation:

  • your location is requested through your browser/device permission prompt;
  • your coordinates are used to show your position on the map and check nearby mapped restrictions;
  • your coordinates are not sent to our backend database;
  • your coordinates are not stored in the SkyRule database;
  • your coordinates disappear when the browser session is refreshed or closed.

In future, SkyRule may offer optional saved flight planning, saved sites, flight history or operational records. If we add those features, we will update this Privacy Policy and make it clear when location data is being saved.

2.3 Map and airspace-check information

When you use the map, we may process:

  • a location selected by tapping/clicking the map;
  • approximate map area viewed;
  • restriction-zone results;
  • airspace or rules shown to you;
  • interaction events needed to operate and improve the service.

Selected map points may be processed in your browser or by SkyRule systems depending on the feature. Where possible, we prefer privacy-preserving design and avoid storing precise location unless it is needed for a feature you choose to use.

2.4 Drone and rule-check information

SkyRule may ask about:

  • drone type;
  • class mark;
  • weight/mass;
  • whether the drone has a camera;
  • whether you hold relevant qualifications;
  • intended operating category;
  • flight conditions selected in the app;
  • training or quiz responses.

This information helps SkyRule provide plain-English guidance. It should not be treated as a legal determination or flight authorisation.

2.5 Communications

If you contact us, sign up, request support or receive transactional emails, we may collect:

  • your email address;
  • messages you send us;
  • support requests;
  • email delivery information;
  • account/login email status;
  • marketing preferences.

We use third-party providers to send transactional and marketing emails.

2.6 Technical and usage data

We may collect technical information such as:

  • IP address;
  • device type;
  • browser type;
  • operating system;
  • approximate location inferred from IP address;
  • pages visited;
  • login events;
  • error logs;
  • security logs;
  • cookie/local-storage identifiers;
  • performance data.

This helps us run SkyRule, secure the service, troubleshoot issues and improve the product.

2.7 Payment data

If SkyRule later offers paid subscriptions or paid features, payments may be processed by a third-party payment provider. We do not intend to store full payment-card details ourselves.

3. How we use personal data

We use personal data to create and manage accounts, authenticate users, provide map and rule-checking features, show location-based airspace and restriction information, provide learning tools and training features, send login links, OTPs, service emails and security messages, respond to support requests, improve SkyRule, prevent misuse, comply with legal obligations and maintain business records.

We may send marketing communications where permitted by law and where you have not opted out or withdrawn consent.

4. Lawful bases under UK GDPR

We rely on different lawful bases depending on the use. These include contract, legitimate interests, consent and legal obligation.

4.1 Contract

We process personal data where needed to provide SkyRule to you, including account access, login, dashboard features, map tools and support.

4.2 Legitimate interests

We process some data for our legitimate interests, including improving SkyRule, securing the platform, preventing fraud or misuse, debugging errors, understanding usage and developing better drone-safety tools. We balance these interests against your rights and freedoms.

4.3 Consent

We rely on consent for device location access, optional marketing emails where consent is required, non-essential cookies or analytics where required, and future optional saved location or flight-planning features if consent is the appropriate basis. You can withdraw consent where we rely on it.

4.4 Legal obligation

We may process data where required by law, regulation, tax, accounting, court order or lawful authority request.

5. Location data and GPS

SkyRule may use your device location only when you choose to use a location feature and your browser/device allows it. You can deny location access and still use manual map tools where available.

SkyRule's current map implementation does not store your live coordinates in our backend database. We designed this intentionally to reduce privacy risk. If we later add saved sites, saved flights, flight logs or operational planning, we will explain clearly what is stored and why.

6. Airspace, NOTAMs and official-source data

SkyRule may display or process aviation-related data from public, official, licensed or third-party sources, including permanent airspace/restriction datasets and, in future, NOTAM or temporary restriction data.

Important: aviation data can change quickly. SkyRule may not include every temporary restriction, NOTAM, AIP Supplement, local restriction, landowner requirement, weather condition, site hazard or operational factor.

SkyRule is a guidance and decision-support tool. It is not an official aviation authority, air traffic service, legal adviser or flight authorisation system.

7. Who we share data with

We may share personal data with trusted service providers who help us operate SkyRule. Current or expected providers may include:

  • hosting and deployment providers;
  • backend, database and authentication providers;
  • email delivery providers;
  • business email/productivity providers;
  • code hosting and development tools;
  • domain/DNS providers;
  • map, geocoding, airspace, NOTAM or aviation-data providers;
  • analytics, monitoring or error-reporting providers if added;
  • professional advisers such as solicitors, accountants or insurers;
  • regulators, courts or authorities where legally required.

We require providers to process personal data only for appropriate purposes and to use suitable security measures.

8. International transfers

Some providers may process data outside the UK or European Economic Area. Where this happens, we will take steps required by UK GDPR, such as using adequacy decisions, UK International Data Transfer Agreements, the UK Addendum to EU Standard Contractual Clauses, or equivalent safeguards.

9. How long we keep data

We keep personal data only as long as necessary. Indicative retention periods are:

  • account data: while your account is active, then for a reasonable period after closure;
  • support emails: normally up to 6 years where needed for business/legal records;
  • transactional email logs: as needed for security, delivery and audit;
  • security logs: normally up to 12–24 months unless needed longer for investigation;
  • marketing data: until you unsubscribe or we no longer need it;
  • live location data: current implementation is session-only and not stored by SkyRule;
  • saved flight/location data: if added later, kept until deleted by you or according to the relevant feature terms;
  • financial records: as required by tax/accounting law.

We may keep limited records longer where needed to establish, exercise or defend legal claims.

10. Your data protection rights

Under UK GDPR, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw consent;
  • complain to the Information Commissioner's Office.

You can contact us at contact@skyrule.app. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk, though we would appreciate the opportunity to resolve your concern first.

11. Cookies and similar technologies

SkyRule may use cookies, local storage or similar technologies to keep you logged in, maintain session security, remember preferences, improve performance, understand usage and support analytics or marketing if added.

Essential cookies are required for the service to work. Non-essential analytics or marketing cookies will be handled in line with applicable consent requirements.

12. Children and young users

SkyRule may be useful for families, schools and young drone users, but it is not intended for unsupervised use by children under 13.

If you are under 13, you should not create a SkyRule account without a parent, guardian or school-authorised adult. If SkyRule is used in an educational setting, schools or organisations should ensure appropriate consent, supervision and safeguarding arrangements are in place.

We do not knowingly collect personal data from children under 13 without appropriate involvement from a parent, guardian or authorised school/organisation.

13. Security

We use technical and organisational measures to protect personal data, including HTTPS encryption in transit, access controls, authentication controls, least-privilege access, environment-variable handling for secrets, avoiding unnecessary storage of precise location, database security controls, monitoring and logging where appropriate, supplier review and incident response processes.

No online service is completely secure, but we work to protect SkyRule and reduce unnecessary risk.

14. Changes to this Privacy Policy

We may update this Privacy Policy as SkyRule develops, especially if we add paid accounts, saved flight planning, saved locations, NOTAM integration, third-party geocoding, satellite imagery, analytics, mobile apps, school/organisation accounts, or Operator ID/Flyer ID number capture.

The latest version will be posted on SkyRule.