The data controller for UK Drone Map is:
For any data-protection query or to exercise your rights, contact us via the details in section 9.
UK Drone Map sets no first-party cookies. We do not use document.cookie anywhere in the application.
Third-party services used to deliver the application — in particular map tile providers (CARTO, ArcGIS, OpenTopoMap) and the Cloudflare CDN — may set their own session or operational cookies as part of delivering those resources. These cookies are:
Because these third-party cookies are strictly necessary for the Service to operate, they are placed without requiring your consent under Regulation 6(4) of the UK Privacy and Electronic Communications Regulations 2003 (PECR). No consent banner is therefore displayed.
You can inspect, block or delete any cookies using your browser's privacy controls at any time.
UK Drone Map stores the following data locally on your device using IndexedDB (via the localforage library) and localStorage. None of this data is transmitted to us or any third party.
| What is stored | Purpose | Storage type |
|---|---|---|
| Map layer visibility preferences | Remember which layers you have toggled on/off | IndexedDB |
| Configuration (refresh interval, default map centre) | Persist your settings across sessions | IndexedDB |
| Airspace, weather and conservation data cache | Reduce network requests and enable offline use | IndexedDB |
| Flight plans | Save and load your pre-flight planning records | IndexedDB |
| Pilot profile and drone fleet | Pre-populate risk assessments and checklists | IndexedDB |
| Disclaimer acceptance flag | Suppress the disclaimer after first acceptance | localStorage |
| Onboarding completion flag | Suppress first-visit onboarding after completion | localStorage |
| Theme preference (dark/light) | Persist your colour scheme choice | localStorage |
| Panel resize state | Restore panel sizes between sessions | localStorage |
You can clear all locally stored data at any time via Settings → Clear Cache in the app, or through your browser's site data controls.
The only personal data we process is your IP address, which is transmitted to third-party services as an unavoidable technical consequence of making HTTP requests. We do not collect, store or analyse IP addresses ourselves.
Our hosting provider and CDN (Cloudflare) may log standard HTTP request data — including IP addresses, timestamps, browser type, and requested paths — for security, abuse-prevention and operational purposes. Our lawful basis is legitimate interests (UK GDPR Article 6(1)(f)) — specifically the interests of maintaining the security and integrity of the Service. Logs are retained for no longer than 90 days.
If you click the "Locate me" button, your browser requests your device location using the Web Geolocation API. This is entirely optional, operates within your browser, and is used only to centre the map. Location data is not stored, not transmitted to us, and is discarded as soon as the map centres.
UK Drone Map makes requests to the following third-party services during normal operation. Each receives your IP address as part of the HTTP request. We do not control their data practices.
| Service | Purpose | Privacy policy |
|---|---|---|
| CARTO | Basemap tiles (default map background) | carto.com/privacy |
| Cloudflare CDN (cdnjs.cloudflare.com) | Delivers Leaflet.js, Leaflet.draw and localforage scripts | cloudflare.com/privacypolicy |
| OpenAIP (via our server proxy) | UK airspace data (CTR, TMA, ATZ, danger areas, etc.) | openaip.net/legal |
| Open-Meteo | Weather forecast data | open-meteo.com/en/terms |
| OSM Nominatim (nominatim.openstreetmap.org) | Location search / geocoding | osmfoundation.org |
| Esri ArcGIS (services.arcgis.com) | Conservation boundary data (SSSI, National Parks, SAC, etc.) | esri.com/privacy |
| Overpass API (overpass-api.de) | OpenStreetMap obstacle and infrastructure data | osmfoundation.org |
| National Trust ArcGIS (services-eu1.arcgis.com) | National Trust land boundary data | nationaltrust.org.uk/privacy-policy |
All requests to OpenAIP are proxied through our own server so that your browser communicates with our domain only — your IP is not directly exposed to OpenAIP.
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, our processing of IP addresses via server/CDN access logs is based on legitimate interests (Article 6(1)(f)) — specifically:
We have conducted a legitimate interests assessment and concluded that this processing does not override your interests, rights or freedoms, given the minimal nature of the data, the short retention period (90 days), and the absence of any profiling or marketing use.
Under UK GDPR, you have the following rights in relation to personal data we hold about you:
To exercise any right, contact us using the details in section 9. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
As the data held is limited to short-lived access logs retained for security purposes, there is typically no personal data available for export or erasure beyond the 90-day retention window.
For any privacy or data-protection query, to exercise your rights, or to report a concern:
We may update this policy from time to time. The effective date at the top of the page will be updated when changes are made. Continued use of the Service after any change constitutes acceptance of the updated policy. Significant changes will be noted in the app.