Privacy Policy

Account & Configuration Data

What We Store

• • Email address and OAuth profile (sign-in identity only)
• • Watch-grid polygons and anomaly rule settings
• • Webhook delivery URLs and event logs
• • API key identifiers (never plaintext secrets)
• • SDR node registration and uptime metrics

No payment card data is stored by SkyGrid. Billing, if applicable, is processed by a PCI-compliant third-party processor.

Purpose & Use

Why We Process It

• • Providing and improving the monitoring service
• • Routing anomaly alerts to your configured endpoints
• • Calculating node contribution scores and uptime rewards
• • Fraud prevention and rate-limit enforcement
• • Legal and regulatory compliance obligations

We do not sell personal data or use it for advertising profiling.

Retention

How Long We Keep It

Raw aircraft telemetry is retained for up to 90 days for anomaly correlation and analyst review. Anomaly event records may be retained for up to 12 months. Account and configuration data is retained for the lifetime of your account and deleted within 30 days of account closure on request.

Your Rights (GDPR / CCPA)

Data Subject Rights

EU/UK residents (GDPR) and California residents (CCPA) have the right to:

• • Access — request a copy of data we hold about you
• • Rectification — correct inaccurate personal data
• • Erasure — request deletion of your account data
• • Portability — receive your data in a machine-readable format
• • Object — opt out of processing based on legitimate interests

To exercise any right, email jamie@obsidiandynamics.co.uk. We respond within 30 days.

Consent & Notifications

Alert & Communication Consent

By configuring an email alert or webhook destination, you explicitly consent to SkyGrid sending anomaly notifications to that endpoint. You may revoke this consent at any time by removing the destination from your dashboard. Transactional emails (e.g., account confirmation) are sent only when strictly necessary.

Marketing Communications

Email Marketing & Outreach

We may send commercial emails including product updates, threat intelligence digests, and feature announcements. Every marketing email includes a one-click unsubscribe link. You can also opt out at any time by emailing jamie@obsidiandynamics.co.uk. We process marketing communications under legitimate interest (GDPR Art. 6(1)(f)) and honour all unsubscribe requests within 48 hours.

Email delivery is handled by Resend (resend.com), which processes recipient email addresses and delivery metadata on our behalf.

Analytics & Error Monitoring

Third-Party Processors

We use the following third-party services to operate and improve SkyGrid:

• • Sentry (sentry.io) — error tracking and performance monitoring. Collects anonymised stack traces, browser metadata, and page-load metrics. PII is not transmitted.
• • Resend (resend.com) — transactional and marketing email delivery.
• • DigitalOcean — infrastructure hosting (App Platform, Managed Database).
• • Cloudflare — CDN, DDoS protection, and DNS.
• • MapTiler — map tile serving for the dashboard globe.

All processors are bound by data processing agreements and are located in the US or EU.

Security

How We Protect Your Data

• • All traffic encrypted in transit via TLS 1.2+
• • API keys stored as one-way hashed values
• • Session tokens are short-lived JWTs with rotation
• • Rate limiting and bot-score filtering at the edge
• • Webhook URLs validated against SSRF attack patterns