FPV SCHOOL← Back to homeLegal hub

Privacy Policy & GDPR

GDPRUK ICOLast reviewed: February 2026FPV SCHOOL LIMITED · Company No. 15817837 · ICO: ZB796938

Privacy Policy & GDPR (Master Page)
Last updated: 02 February 2026

Legal Hub Registry: /legal
Cookie Policy (Master): /legal/cookie-policy
AI Virtual Expert Policy (Master): /legal/ai-virtual-expert-policy (not yet active)

1. Who we are (data controller)

FPV SCHOOL LIMITED ("FPV School", "we", "us", "our") is the data controller for personal data processed across the FPV School Hub ecosystem, unless a specific property clearly states otherwise.

Operator: FPV SCHOOL LIMITED (England and Wales)
Registered office: 483 Green Lanes, London. N13 4BS. United Kingdom.
Company number: 15817837
Regulator registration: We are registered with the UK Information Commissioner's Office (ICO) as a data controller. Registration reference: ZB796938.
Contact: legal@fpvschool.com

2. What this policy covers (master scope)

This is the master (canonical) Privacy Policy for the FPV School Hub ecosystem. It explains how we collect, use, share, and protect personal data when you:

  • visit our websites and legal hub pages;
  • create or use an account (where available);
  • buy or access digital products/courses (where available);
  • use community features (where available);
  • contact us, subscribe to updates, or interact with our content;
  • use AI-assisted tools (where available).

Different FPV School properties may offer different features, so the exact data processed can vary by property and configuration.

2.1 Site-entry notices and property differences

Some FPV School properties may publish shorter "site-entry" privacy notices. Those are intended to point back to this master policy for definitions and baseline rules, and to clarify property-specific features where needed.

3. The personal data we collect

We aim to collect only the minimum personal data needed to operate the Services, keep them secure, and deliver what you request. The exact data processed depends on which FPV School property you use and which features are enabled.

3.1 Data you provide directly

Depending on what you do and which features are enabled, we may collect:

  • Contact and enquiries: your name (if provided), email address, and the content of your message (including any attachments you choose to send).
  • Account and profile data (where accounts exist): username, email address, display name, profile settings, and optional profile fields you choose to complete.
  • Passwords are stored in hashed form by the platform; we do not store passwords in plain text.
  • Purchases and access (where e-commerce/digital access exists): items purchased, timestamps, payment status, invoices/receipts, and access entitlements (for example, "has access to course X").
  • Payment card details are handled by payment providers and are not stored on our servers.
  • Courses and learning (where enabled): enrolments, progress/completion states, quiz results or submissions (if used), and associated learning preferences.
  • Community and user-generated content (where enabled): posts, comments, uploads, reactions, and moderation/reporting metadata linked to that content.
  • Support and communications: support requests, troubleshooting messages, and our replies.
  • Subscriptions and updates (where enabled): newsletter sign-ups, communication preferences, and opt-in/opt-out records (including timestamps) to help demonstrate and respect your choices.
  • Other data you choose to share: any information you include in messages, uploads, or content (for example, screenshots of settings, drone build lists, firmware versions).

Important: Please do not submit sensitive personal data unless it is strictly necessary and you have the right to share it (see Section 7). If you share it anyway, it may be processed as part of your request.

3.2 Data collected automatically (technical + usage)

When you access or use the Services, we may collect certain technical and usage data automatically, such as:

  • Network and identifiers:
  • IP address (which may be personal data);
  • rough location derived from IP (for example, country/region), where enabled.
  • Device and browser information:
  • device type, operating system, browser type/version, language settings;
  • screen size and basic device signals used for responsive display and troubleshooting.
  • Usage and interaction data (typically in aggregate):
  • pages viewed, navigation paths, referring pages, timestamps;
  • clicks or events needed to understand feature usage (for example, "download clicked", "video started"), where enabled.
  • Security and abuse-prevention logs:
  • authentication events (logins, failed attempts), rate-limiting triggers, spam detection signals;
  • moderation/report actions and outcomes (where interactive features exist);
  • technical identifiers used to reduce abuse (for example, IP-based protections), where proportionate.
  • Service diagnostics and reliability:
  • error logs, performance metrics, crash reports, and audit logs that help us debug issues and keep the Services stable.

We do not aim to identify you from analytics alone. Where analytics is used, we aim to configure it in a proportionate way and to prefer aggregated insights.

3.3 Cookies and similar technologies

We use cookies and similar technologies for:

  • essential site functions (security, session management, preferences);
  • optional preferences and performance features;
  • analytics/measurement (where enabled);
  • affiliate attribution/marketing disclosures (where implemented).

For details, including controls for non-essential cookies, see:
/legal/cookie-policy

4. Why we use personal data (purposes)

We may process personal data to:

  • operate, maintain, and secure websites and services;
  • create and manage accounts and permissions (where available);
  • deliver features you request (courses, downloads, subscriptions, tools);
  • respond to enquiries and provide support;
  • send service messages (administrative/transactional) and, where applicable, newsletters/updates;
  • understand usage and improve content and user experience (typically aggregated);
  • process purchases, refunds, and accounting records (where applicable);
  • detect and prevent fraud, misuse, and policy violations.

5. Lawful bases (UK GDPR)

We process personal data only where we have a lawful basis, including:

  • Contract (to provide accounts, purchases, requested services);
  • Legitimate interests (security, abuse prevention, service improvement in a proportionate way);
  • Consent (for optional cookies, marketing/newsletters where required, certain preferences);
  • Legal obligation (tax/accounting, compliance with lawful requests).

5.1 Consent controls (where applicable)

Where we rely on consent (e.g., non-essential cookies, marketing), you can withdraw it at any time via the relevant controls (cookie banner/tools) or by contacting us.

5.2 Marketing and newsletters (where enabled)

Where we send newsletters or marketing communications, we do so only where permitted by applicable law (for example: where you have opted in, or where a "soft opt-in" applies and you can easily opt out).

You can unsubscribe at any time using the link in our emails or by contacting: legal@fpvschool.com.

6. Sharing personal data (recipients)

We do not sell personal data.

We may share personal data only where necessary to operate, secure, and deliver the Services, and only with recipients who have a legitimate need to receive it.

Depending on the property and features enabled, recipients may include:

  • Hosting, infrastructure, and delivery providers (for example: web hosting, databases, storage, backups, CDN/content delivery, and system monitoring).
  • Email and communications providers (for example: sending transactional emails such as account messages, purchase receipts, password resets, and — where enabled — newsletters/updates you opt into).
  • Analytics and measurement providers (where enabled) to understand aggregated usage and improve performance and content.
  • Payment and commerce providers (where e-commerce is enabled) to process payments, handle fraud checks, and manage refunds/chargebacks.
  • Payment card details are processed by the payment provider and are not stored on our servers.
  • Security and anti-abuse providers (for example: spam filtering, bot protection, fraud detection, rate limiting, and threat monitoring).
  • Customer support tooling (where enabled) to handle requests and troubleshoot issues.
  • Community platform providers (where community features are hosted externally), where the platform operates under its own terms and privacy practices.

We aim to minimise what is shared. Where providers act as processors on our behalf, they are required to protect personal data and process it only on our instructions and for agreed purposes, subject to applicable law.

6.1 Ecosystem sharing (SSO and shared services)

Where unified login (SSO) or shared infrastructure exists, limited data may be processed across multiple FPV School properties to:

  • authenticate you across properties;
  • manage access to requested services (for example: courses, downloads, premium features);
  • keep account security consistent (for example: preventing abuse and fraud);
  • provide a coherent user experience across the ecosystem.

This may include account identifiers (such as user ID, username, email), access status/entitlements, and basic profile settings. We aim to limit this to what is necessary and proportionate for the shared service to function.

6.2 Legal requirements and protection

We may disclose personal data where we reasonably believe it is necessary to:

  • comply with legal obligations and lawful requests;
  • enforce our policies and terms;
  • protect our rights, users, and the public;
  • investigate, prevent, or respond to fraud, abuse, security incidents, or unlawful activity.

Where appropriate and lawful, we may challenge or narrow requests and limit disclosures to what is required.

6.3 Business transfers

If FPV SCHOOL LIMITED is involved in a merger, acquisition, restructuring, or asset transfer, personal data may be transferred as part of that transaction.

Where required by law, we will take reasonable steps to ensure the receiving party continues to protect your personal data in line with applicable data protection requirements and this policy (as updated).

7. International transfers

We are established in the United Kingdom. Some of our service providers (for example: infrastructure, email delivery, analytics, security tooling, or customer support platforms) may process personal data outside the UK.

Where personal data is transferred outside the UK and UK data protection law requires safeguards, we take steps intended to ensure an adequate level of protection, which may include (as appropriate):

  • using the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses (SCCs);
  • transferring to countries covered by UK "adequacy" regulations (where applicable);
  • applying additional technical and organisational measures where proportionate (for example: encryption in transit, access controls, and data minimisation).

The exact transfer mechanism depends on the provider, the location(s) involved, and the nature of the processing. Where relevant, you can contact us to request further information about the safeguards we use.

8. AI tools and automated processing (where implemented)

Some FPV School properties may include AI-assisted tools (for example: the FPV School Virtual Expert). Where enabled, these tools may process information you submit ("Inputs") to generate responses ("Outputs").

Depending on configuration and feature set, AI-related processing may involve:

  • processing your Inputs (text, prompts, and any content you choose to submit) to generate Outputs;
  • applying automated safety controls to reduce harmful, unlawful, or abusive use (for example: content filtering, rate limiting, or spam/abuse detection);
  • generating limited logs or metadata to maintain service integrity, prevent misuse, and improve reliability;
  • optional feedback or learning workflows (where enabled) to help improve outputs over time.

Important notes:

  • Do not submit payment card details, passwords, authentication codes, or other sensitive secrets into AI tools.
  • AI Outputs can be incorrect, incomplete, or unsuitable for your situation. You remain responsible for verifying safety-critical or compliance-critical information before acting on it.

For AI-specific rules, limitations, and user responsibilities, see:
/legal/ai-virtual-expert-policy (policy not yet active as tool is not publicly available yet)

8.1 Automated decision-making

We do not use automated decision-making (including profiling) that produces legal effects or similarly significant effects about you as a default practice.

If a specific FPV School property introduces such processing in the future, we will describe it clearly on that property and explain the relevant safeguards and user rights, as required by applicable law.

9. Retention (how long we keep data)

We keep personal data only for as long as necessary for the purposes described in this policy, then delete it or anonymise it where practical. Retention can vary by property and feature set (for example: whether accounts, purchases, community features, or AI tools are enabled).

Because backups and security logs can exist, deletion may not be instantaneous in every system. Where feasible, we aim to remove data from live systems first and allow backup copies to expire under normal rotation, unless we must retain certain records for legal, security, or dispute-handling reasons.

Typical retention patterns (indicative):

  • Support and contact messages:
  • kept as long as needed to handle the request and maintain a reasonable record for follow-up, disputes, or safeguarding/security concerns.
  • Account data (where accounts exist):
  • kept while the account is active;
  • after closure/deletion, limited data may be retained for a reasonable period for security, fraud prevention, abuse prevention, and dispute handling, and to respect opt-outs (where applicable).
  • Course/learning records (where enabled):
  • kept to provide the service and maintain your learning history while your account remains active;
  • may be removed or minimised after account closure, subject to legal/security needs and platform constraints.
  • Newsletter and marketing preferences (where enabled):
  • kept until you unsubscribe or withdraw consent;
  • limited records of consent, unsubscribe, and suppression may be retained to demonstrate compliance and ensure we do not re-add you incorrectly.
  • Purchases, billing, and accounting (where e-commerce exists):
  • invoices/receipts and transaction records may be retained for the periods required by tax/accounting laws and to handle refunds/chargebacks and disputes.
  • payment card details are handled by payment providers and are not stored on our servers.
  • Security, anti-abuse, and technical logs:
  • kept for a limited period sufficient to detect, investigate, and prevent abuse, fraud, and security incidents, and to maintain service reliability.

Where we no longer need personal data, we aim to delete it, anonymise it, or reduce it to the minimum necessary (for example: retaining only non-identifying aggregates).

10. Your rights (UK GDPR)

Depending on your circumstances, you may have rights under UK data protection law, including:

  • access (to request a copy of your personal data);
  • rectification (to correct inaccurate or incomplete data);
  • erasure (to request deletion, where applicable);
  • restriction (to limit processing in certain circumstances);
  • portability (to receive certain data in a usable format, where applicable);
  • objection (including to direct marketing and, in some cases, to processing based on legitimate interests);
  • withdrawal of consent (where processing is based on consent).

To exercise your rights, contact: legal@fpvschool.com
We may need to verify your identity before fulfilling a request.

We aim to respond within the time limits required by applicable law. If we cannot comply with a request, we will explain why (for example: where we must retain certain information for legal, security, or dispute-handling reasons).

11. Complaints

If you have concerns about how we handle personal data, please contact us first at legal@fpvschool.com and we will try to resolve the issue in a reasonable way.

You also have the right to complain to the UK supervisory authority:
Information Commissioner's Office (ICO): https://ico.org.uk/

We are registered with the UK Information Commissioner's Office (ICO). Registration reference: ZB796938.

12. Security

We use reasonable technical and organisational measures intended to protect personal data, taking into account the nature of the data, how it is processed, and the risks involved.

Measures may include (as appropriate):

  • encryption in transit (HTTPS/TLS);
  • access controls and authentication (least privilege where applicable);
  • role-based access for administration and support;
  • security monitoring, logging, and abuse-prevention controls where appropriate;
  • software updates and maintenance to address vulnerabilities;
  • backups and disaster-recovery practices intended to support resilience and continuity.

No system is perfectly secure. You also play a role in security (for example: using strong passwords, keeping your devices secure, and avoiding sharing login credentials).

If you believe your interaction with us is no longer secure, or you suspect unauthorised access to your account or data, contact us at legal@fpvschool.com as soon as possible.

13. Children

The FPV School Hub ecosystem is not intended for children. We do not knowingly collect personal data from children.

Where a specific property includes account creation, community features, purchases, or other interactive tools, that property may apply minimum age expectations or access restrictions. Any such restrictions (where used) will be described on the relevant property.

If you believe a child has provided personal data to us, please contact legal@fpvschool.com with sufficient detail for us to locate the information. Where appropriate, we will take reasonable steps to delete the data and/or restrict access, subject to legal and security requirements (for example, retaining limited records where needed to prevent fraud or misuse).

14. Third-party links and embeds

Websites may link to third-party sites or embed third-party services (e.g., video players). These third parties may collect data under their own policies. Review third-party privacy notices where relevant.

15. Changes to this policy

We may update this Privacy Policy to reflect changes in features, services, or legal requirements. We will update the "Last updated" date at the top.

16. Operator (repeat)

Operator: FPV SCHOOL LIMITED (England and Wales)
Registered office: 483 Green Lanes, London. N13 4BS. United Kingdom.
Company number: 15817837
Contact: legal@fpvschool.com