Privacy Policy
Last updated: 2026-04-28
1. Data controller
Naka-Tek (SAS, SIREN 848 613 139, 128 rue La Boétie, 75008 Paris, France) is the data controller for personal data processed through the GhostTrace App and the website ghosttracefpv.com. For any privacy-related question, contact privacy@ghosttracefpv.com or support@ghosttracefpv.com.
2. Local-first by design
GhostTrace is built local-first. Telemetry, blackbox imports, drone configurations and pilot statistics are stored on your device. When you are not signed in (guest mode), no flight data leaves your phone.
3. Categories of data we process
- When you create an account: email address, password (hashed by our auth provider), Supabase user identifier.
- When you use the App: drone configurations (name, frame type, motor and battery specs), flight sessions (GPS coordinates, telemetry samples, timestamps), pilot statistics (total flight time, distance).
- For "Find My Drone": last known GPS position of your drone, real-time location of your phone (only while the screen is open).
- Crash reports: stack traces and basic device info if the App crashes.
4. Legal basis (GDPR Art. 6)
- Account, authentication and cloud sync: performance of the contract between you and Naka-Tek (Art. 6.1.b).
- Crash reports: legitimate interest in maintaining a working application (Art. 6.1.f).
- Product analytics: legitimate interest in understanding usage to improve the App (Art. 6.1.f) — collected with pseudonymous identifiers, no advertising.
- Marketing: not applicable, we do not do marketing.
5. Sub-processors
We rely on the following sub-processors, all hosting your data in the European Union:
- Supabase (PostgreSQL database, authentication, file storage — EU region).
- Amplitude (product analytics — EU data residency, Frankfurt).
- Firebase Crashlytics by Google (crash reports).
- Netlify (website hosting).
The list of sub-processors may be updated; the "Last updated" date will be revised when it is.
6. Data location
All your account, drone and flight data is stored on infrastructure located in the European Union (Supabase EU region). Analytics events are routed to Amplitude's EU cluster (Frankfurt). Crash reports are processed by Firebase Crashlytics — Google may transfer this data outside the EU under the EU-US Data Privacy Framework.
7. Retention
Account data is retained for as long as your account is active. If you delete your account from the in-app Profile screen, your data is removed from Supabase within 30 days, and from operational backups within 90 days. Anonymous analytics events are retained up to 13 months. Crash reports are retained up to 90 days. Local data on your device persists until you uninstall the App.
8. Cookies & web tracking
The App itself does not use cookies. The website ghosttracefpv.com uses functional cookies necessary to remember your language preference and a strictly-necessary cookie to remember your cookie consent. We do not run advertising or cross-site tracking. We have removed Google Analytics; the website is monitored only via aggregate Netlify access logs.
9. Your rights (GDPR Art. 15-22)
You have the right to access, rectify, erase, restrict the processing of, port and object to the processing of your personal data. You can exercise most of these rights directly from the in-app Profile screen (account deletion, data export). Otherwise, write to privacy@ghosttracefpv.com — we respond within 30 days. You also have the right to lodge a complaint with the French data-protection authority (CNIL — cnil.fr) or any other competent EU authority.
10. Children
The App is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has shared personal data with us, contact privacy@ghosttracefpv.com and we will delete it.
11. Security
Data in transit is protected by TLS. Data at rest in Supabase is encrypted by the platform. Passwords are hashed with bcrypt by the auth provider. Access to production infrastructure is limited to Naka-Tek staff and uses multi-factor authentication. In the event of a personal data breach likely to result in a high risk to your rights, we will notify you and the CNIL within 72 hours, in line with GDPR Art. 33-34.
12. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app and the "Last updated" date will be revised.
13. Contact
For any privacy-related question or to exercise your rights: privacy@ghosttracefpv.com or support@ghosttracefpv.com.