Privacy Policy & GDPR

GDPRUK ICOLast reviewed: 20 April 2026FPV SCHOOL LIMITED · Company No. 15817837 · ICO: ZB796938

Legal Hub: /legal
Cookie Policy: /legal/cookie-policy
AI Features Policy: /legal/ai-policy
Complaints & Legal Notices: /legal/complaints

1. Who we are

FPV SCHOOL LIMITED ("FPV School", "we", "us", "our") is the controller of personal data processed across the FPV School ecosystem unless a page or service clearly states otherwise.

Operator: FPV SCHOOL LIMITED (England and Wales)
Registered office: 483 Green Lanes, London, N13 4BS, United Kingdom
Company number: 15817837
ICO registration: ZB796938
Contact: [email protected]

2. What this policy covers

This is the master privacy notice for FPV School properties, including public websites, account areas, drone and profile features, cloud deliveries, library access, AI-assisted tools, support flows, and related legal or operational pages.

Different properties and rollout stages do not always expose the same functionality. The exact data we process therefore depends on what you use, what you publish, and what is enabled at the time.

3. Personal data we collect

3.1 Data you provide directly

Depending on the service, we may collect:

account data such as email address, username, display name, FPV ID, profile preferences, and access state;
support and contact data such as your messages, attachments, replies, and troubleshooting context you choose to provide;
profile and drone content such as bios, locations, social links, drone specifications, build details, rates, flight logs, checklists, notes, uploads, and gallery media;
library, cloud, and delivery data such as file names, folders, password-protected access events, entitlement markers, and download actions;
wallet and product data such as FPV Coins balance, spend history, refunds, achievements, progression events, and other platform accounting records; and
AI interaction data such as prompts, messages, conversation history, and contextual feature metadata where AI features are enabled.

Please do not submit payment card details, passwords, recovery codes, or special-category personal data unless we explicitly ask for it and you have the right to share it.

3.2 Data collected automatically

When you access FPV School properties, we may automatically process:

authentication and session data required to keep signed-in services working securely;
server, request, and device metadata needed for delivery, abuse prevention, diagnostics, and reliability;
Cloudflare security and performance data such as IP address, request headers, browser or device signals, and challenge outcomes;
aggregated analytics from our self-hosted privacy-focused analytics setup on supported public domains; and
download, view, and feature-usage events needed to operate gated resources, public pages, and platform integrity tooling.

Our current public analytics setup is designed to avoid analytics cookies. On fpvschool.com, logged-in users are excluded from that public analytics script. Security, session, and access-control cookies can still be used where needed for the service itself.

3.3 Public profiles, public drones, and shared links

If you make a profile, drone, tab, file, or other resource public or share a delivery link, the related content can become accessible to other people, search engines, recipients, or anyone who receives the shared URL. Password protection reduces accidental access but does not prevent forwarding, screenshots, local copying, or other downstream sharing by recipients.

You are responsible for deciding what you publish or share through public or recipient-facing surfaces.

3.4 AI-related processing

Where AI features are enabled and available to your account, we may process your prompt, recent conversation history, relevant feature metadata, limited drone or workflow context, and retrieved knowledge-base snippets in order to generate a response. AI conversations are intended to remain account-private and are not exposed on public drone/profile pages unless we clearly state otherwise for a specific feature.

4. Why we use personal data

We use personal data to:

operate websites, accounts, drone tools, library/cloud resources, and legal pages;
authenticate users, maintain access control, and protect account integrity;
deliver uploads, downloads, public pages, and password-protected resources;
process AI requests, maintain AI history, enforce AI access rules, and account for FPV Coins usage;
respond to support, complaints, rights requests, and legal notices;
detect abuse, fraud, scraping, unsafe use, or other platform-integrity issues;
improve the reliability and usability of our services using proportionate analytics and diagnostics; and
comply with legal, tax, accounting, consumer, and security obligations.

5. Lawful bases

We rely on one or more lawful bases under UK GDPR and, where applicable, EU GDPR, including:

contract, where we provide an account, feature, download, or other service you request;
legitimate interests, where proportionate for security, fraud prevention, analytics, product integrity, moderation, or service improvement;
consent, where required for specific optional communications or technologies; and
legal obligation, where we must retain or disclose information for compliance, accounting, consumer, or law-enforcement reasons.

6. Who we share data with

We do not sell personal data. We share personal data only where necessary to run the platform, secure it, deliver a requested feature, or comply with the law.

Relevant processors or service providers may include:

Supabase for authentication and database services: Privacy policy
Backblaze B2 for object storage and media delivery support: Privacy policy
Cloudflare for CDN, DNS, caching, and security services: Privacy policy
DigitalOcean for server and infrastructure hosting: Privacy policy
OpenAI for AI processing where AI features are enabled: Enterprise privacy

When AI tools are used, the AI provider may process business/API data such as prompts, outputs, conversation context, and retrieved support context needed to answer the request. FPV Coins accounting, usage reconciliation, and access-control decisions may also be handled inside FPV School systems and are not necessarily transmitted to the AI provider. According to OpenAI's published business/API materials available when this policy was updated, business/API data is not used to train models by default unless the customer explicitly opts in. Provider terms can change, so you should also review the provider's current notice.

We may also disclose data where reasonably necessary to enforce our terms, investigate security issues, protect users or the public, or comply with lawful requests.

7. International transfers

We use providers that may process data in the UK, EEA, and other countries depending on hosting, support, delivery, and network routing. Content delivery and security inspection may also occur across Cloudflare's global network.

Where required by data protection law, we use appropriate transfer safeguards such as adequacy mechanisms, contractual protections, and proportionate technical or organisational controls.

8. Cookies and similar technologies

FPV School uses cookies and similar technologies mainly for authentication, session security, Cloudflare protection, and related service integrity functions.

We do not currently promise a universal cookie banner or in-product cookie settings panel on every property. If we later introduce non-essential technologies that require separate consent controls, we will update our notices and implementation accordingly. For details, see /legal/cookie-policy.

9. Public/private controls, deactivation, and deletion

Deactivation is intended to disable access and hide your public-facing account surfaces, but it does not by itself erase stored records.

Deletion is intended to remove your live account and profile data from normal service use. However, we may retain limited deletion logs, audit records, anti-abuse evidence, backup data, or legally required records for as long as reasonably necessary for security, fraud prevention, dispute handling, legal obligations, or backup rotation.

Not every copy of data disappears instantly from every system. Where practical, we remove live-service access first and allow residual backup or compliance records to expire under normal retention schedules.

10. Retention

We keep personal data only for as long as necessary for the purposes described above, then delete, minimise, or anonymise it where practical.

Retention can vary depending on the feature, legal obligation, fraud/security risk, or whether the data is part of operational logs, wallet records, support history, moderation records, or public/shared resources.

11. Your rights

Depending on your circumstances, you may have rights to request access, rectification, erasure, restriction, portability, objection, or withdrawal of consent where consent is the legal basis.

To exercise a rights request, contact: [email protected]
Subject line recommended: DATA REQUEST

We may ask you to verify your identity before acting on a request.

12. Security

We use proportionate technical and organisational measures to reduce unauthorised access, misuse, loss, or disclosure. No service is perfectly secure, and you also remain responsible for device security, password hygiene, and what you publish or submit.

13. Complaints

If you have concerns about how we process personal data, contact us first at [email protected].

You also have the right to complain to the UK Information Commissioner's Office (ICO): https://ico.org.uk/

14. Changes to this policy

We may update this policy to reflect changes to our services, providers, feature rollout, or legal requirements. We will update the "Last updated" date when we make material changes.