🔒 Legal

Privacy Policy

Version 1.2 — Last updated: 9 April 2026

Last Updated: 9 April 2026  ·  Version: 1.2

Privacy Officer: privacy@dronepilots.com.au

1. Introduction

DronePilots.com.au ("we", "us", "our") is committed to protecting the privacy of individuals who use our platform. This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By accessing or using DronePilots.com.au, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our platform.

This policy applies to all users of our platform, including drone pilots who list their services ("Pilots"), clients who search for and engage drone services ("Clients"), and general visitors to the website.

2. Who We Are

DronePilots.com.au is an online marketplace that connects clients with CASA-verified, licensed drone pilots across Australia. We operate as a directory and matching service; we are not a party to any service agreement between Pilots and Clients.

  • Entity: GreenHost, operating as dronepilots.com.au
  • ABN: 15 586 508 845
  • Privacy Officer: privacy@dronepilots.com.au
  • Address: [Registered address to be inserted]

3. Open and Transparent Management of Personal Information (APP 1)

We manage personal information in an open and transparent manner. This Privacy Policy is the primary document through which we communicate our information handling practices. It is freely available on our website at all times.

We maintain internal procedures and systems to ensure compliance with the APPs, including:

  • Staff training on privacy obligations
  • Regular reviews of data handling processes
  • Documented data breach response procedures
  • A clear process for handling privacy inquiries and complaints

4. Anonymity and Pseudonymity (APP 2)

Where practicable, individuals may interact with us anonymously or using a pseudonym. Specifically:

  • Clients and visitors may browse the platform, search for pilots, and view pilot profiles without creating an account or identifying themselves.
  • Pilots are required to provide their real identity because we verify CASA credentials (Remote Pilot Licence, Operator's Certificate) which are linked to legal names. Pseudonymous registration is not available for pilot accounts due to regulatory verification requirements.

5. Collection of Solicited Personal Information (APP 3)

We only collect personal information that is reasonably necessary for our functions and activities. The types of personal information we collect include:

For Pilots:

  • Full name, business name, ABN
  • Email address, phone number
  • Physical address and service area locations
  • CASA licence details: Remote Pilot Licence (RePL) number, Remotely Piloted Operator's Certificate (ReOC) number, Aviation Radio Operator Certificate (AROC) status
  • Advanced endorsements (night flying, BVLOS, over people)
  • Insurance details (public liability amount, aviation insurance status)
  • Equipment and software information
  • Portfolio images, videos, and work samples
  • Profile photo
  • Self-reported flight hours and experience
  • Pricing and service package information
  • Payment and billing information (processed by our payment provider)

For Clients:

  • Full name
  • Email address
  • Company name (optional)
  • Project details submitted via quote requests

For All Users:

  • Account credentials (email and hashed password)
  • Device and browser information (via cookies and server logs)
  • IP address and approximate location data
  • Usage data (pages visited, search queries, interaction patterns)

We collect personal information by lawful and fair means, and only directly from the individual concerned wherever possible.

6. Unsolicited Personal Information (APP 4)

If we receive personal information that we did not solicit, we will, within a reasonable period, determine whether we could have collected the information under APP 3. If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

7. Notification of Collection (APP 5)

At or before the time we collect personal information (or as soon as practicable afterwards), we take reasonable steps to notify you of:

  • Our identity and contact details
  • The purposes for which the information is collected
  • Whether the collection is required or authorised by law
  • The consequences if all or part of the information is not collected
  • Any third parties to whom we usually disclose the information
  • How you can access and correct the information
  • How you can complain about a breach of the APPs
  • Whether we are likely to disclose the information to overseas recipients

Collection notices are provided at the relevant points on our platform (for example, during registration and when submitting quote requests).

8. Use or Disclosure of Personal Information (APP 6)

We use and disclose personal information only for the primary purpose for which it was collected, or for a secondary purpose that you would reasonably expect, or to which you have consented. Specifically, we use your information to:

  • Provide our services: matching Clients with Pilots, displaying pilot profiles, facilitating quote requests and communications
  • Verify credentials: confirming CASA licences, endorsements, and insurance details
  • Process payments: managing subscriptions, invoices, and billing through our payment provider
  • Improve our platform: analysing usage patterns, troubleshooting issues, and enhancing user experience
  • Communicate with you: sending account notifications, service updates, and responding to enquiries
  • Comply with legal obligations: responding to lawful requests from government agencies and courts
  • Protect our rights: enforcing our Terms of Service and preventing fraud or misuse

We may disclose personal information to the following categories of recipients:

  • Other users of the platform (e.g., pilot profile information is displayed publicly)
  • Payment processing providers (e.g., Stripe)
  • Cloud hosting and infrastructure providers
  • Email and communication service providers
  • Analytics service providers (subject to your cookie preferences)
  • Professional advisors (legal, accounting)
  • Government agencies or regulators where required by law

9. Direct Marketing (APP 7)

We may use your personal information to send you direct marketing communications about our services, features, and offers. We will only do so where:

  • You have consented to receiving such communications; or
  • You would reasonably expect us to use the information for direct marketing

Every marketing communication includes a simple mechanism to opt out. You can unsubscribe at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your notification preferences in your account dashboard
  • Contacting us at privacy@dronepilots.com.au

We will not disclose your personal information to third parties for their own direct marketing purposes without your explicit consent.

10. Cross-Border Disclosure of Personal Information (APP 8)

Some of our service providers are located outside Australia. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to the information.

Our overseas service providers and the countries where personal information may be disclosed include:

  • Cloudflare, Inc. (United States): CDN, DNS, DDoS protection, bot mitigation, and Turnstile CAPTCHA. Cloudflare may process IP addresses, request metadata, and limited diagnostic information as part of delivering our website.
  • Google LLC — Google Tag Manager & Google Analytics (United States): tag management and (where you have consented) anonymised analytics. May process IP address and cookie identifiers.
  • Stripe, Inc. (United States): payment processing for subscriptions and invoices. Stripe is PCI DSS Level 1 certified.
  • Cloud hosting and email delivery providers: with servers located in Australia, the United States, and the European Union.

Before disclosing personal information overseas, we take reasonable steps to ensure recipients handle the information consistently with the APPs. These steps include relying on contractual data processing agreements, vendors with recognised privacy and security certifications (e.g. SOC 2, ISO 27001, PCI DSS), and limiting the categories of information disclosed to what is necessary for the relevant service.

By using our website, you acknowledge that personal information may be disclosed to the overseas recipients listed above. You can reduce or prevent disclosure to analytics providers at any time via our Cookie Settings page.

11. Government Related Identifiers (APP 9)

We collect government-related identifiers such as CASA Remote Pilot Licence (RePL) numbers, Remotely Piloted Operator's Certificate (ReOC) numbers, and ABNs for the purpose of verifying pilot credentials and displaying verified status on profiles.

We do not adopt, use, or disclose these identifiers as our own identifiers. We store them solely for verification and display purposes as authorised by the individual and as necessary for the proper functioning of our platform.

12. Quality of Personal Information (APP 10)

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant. We rely on individuals to provide accurate information and to update their details when they change.

Pilots can update their profile information at any time via the Business Profile section in their dashboard. Clients can update their account details through their account settings.

13. Security of Personal Information (APP 11)

We take reasonable steps to protect personal information from misuse, interference, loss, and from unauthorised access, modification, or disclosure. Our security measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Access controls limiting employee access to personal information on a need-to-know basis
  • Regular security reviews and updates
  • CSRF protection and secure session management
  • HTTP security headers including Content-Security-Policy, Strict-Transport-Security (HSTS), Referrer-Policy, Permissions-Policy, and X-Frame-Options
  • Secure cookie flags (Secure, HttpOnly, SameSite) on session and authentication cookies

Payment information is processed and stored by our payment provider (Stripe), which is PCI DSS Level 1 certified. We do not store full credit card numbers on our servers.

Notifiable Data Breaches

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, we will:

  • Promptly assess whether the breach is likely to result in serious harm
  • Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required
  • Take reasonable steps to contain the breach and mitigate any harm

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal information is no longer needed, we will destroy it or de-identify it in a secure manner.

14. Access to Personal Information (APP 12)

You have the right to request access to the personal information we hold about you. We provide two ways to obtain your data:

Option 1 — Self-Service Data Export (instant)

Registered users can download a complete copy of all personal information we hold at any time via the Settings page in their account dashboard. Exports are available in JSON format (single structured file) and CSV format (ZIP archive with one file per data category). Your export includes profile information, CASA credentials, services, equipment, portfolio metadata, packages, reviews, enquiries, and all other data associated with your account.

Option 2 — Formal Access Request

To request access via our Privacy Officer, follow these steps:

  1. Submit your request by email to privacy@dronepilots.com.au with the subject line "Access Request — APP 12". Include your full name, the email address associated with your account (if any), and a description of the information you are seeking.
  2. Verification of identity: we will ask you to verify your identity (for example, by responding from your registered email address or providing other reasonable proof) before disclosing any personal information.
  3. Acknowledgement: we will acknowledge your request within 5 business days.
  4. Response: we will respond in full within 30 days of receiving a verifiable request, and provide access in the format you reasonably request where practicable.
  5. Fees: there is no charge for making an access request. We do not charge for providing access via the self-service export. If a formal request requires significant effort to fulfil, we may charge a reasonable, cost-based fee — but only after notifying you in advance and giving you the opportunity to withdraw or narrow the request.

We may refuse access in the limited circumstances permitted by APP 12 — for example, where providing access would have an unreasonable impact on the privacy of others, or where the request is frivolous or vexatious. If we refuse access (in whole or in part), we will provide written reasons and information about how to complain (see the Complaints section).

15. Correction and Deletion of Personal Information (APP 13)

We take reasonable steps to correct personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading, having regard to the purpose for which it is held.

You can correct much of your personal information directly through your account dashboard. For information that cannot be corrected through the dashboard, contact our Privacy Officer at privacy@dronepilots.com.au.

We will respond to correction requests within 30 days. If we refuse to correct information, we will provide written reasons and, if requested, attach a statement noting that you consider the information inaccurate or incomplete.

Account Deletion

You may delete your account at any time via the Settings page in your account dashboard. Account deletion is immediate and permanent. Upon deletion:

  • All personal information (profile, credentials, contact details, business information) is permanently removed from our systems
  • All uploaded files (portfolio images, videos, profile photos) are permanently deleted from our servers
  • All associated data (equipment, services, packages, FAQ, enquiries) is permanently deleted
  • Reviews you received from clients are retained in an anonymised form, attributed to "Deleted Pilot", to preserve the integrity of client feedback on the platform

We recommend downloading a copy of your data using the export feature before deleting your account. A confirmation email will be sent to your registered email address upon deletion.

16. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to provide essential functionality, remember your preferences, and improve your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

You can manage your cookie preferences at any time via our Cookie Settings page.

17. Complaints

If you believe we have breached the APPs or handled your personal information inappropriately, you may lodge a complaint with us:

  1. Contact our Privacy Officer at privacy@dronepilots.com.au with details of your complaint.
  2. We will acknowledge your complaint within 5 business days and investigate it promptly.
  3. We will provide a written response within 30 days, outlining our findings and any actions we will take.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify registered users via email where the changes are significant
  • Display a notice on the platform for a reasonable period

We encourage you to review this policy periodically. Your continued use of the platform after changes are published constitutes acceptance of the updated policy.

APP Certified by PrivacyMate

Questions about this policy? Contact our Privacy Officer at privacy@dronepilots.com.au

🍪

We value your privacy

We use essential cookies to make DronePilots.com.au work. We'd also like to set optional analytics and marketing cookies to help us improve our service. Learn more

Cookie Preferences

Essential Cookies

Required for the site to function. These cannot be disabled.

Always Active

Analytics Cookies

Help us understand how visitors interact with our website to improve the experience.

Marketing Cookies

Allow us to show you relevant advertisements and measure campaign effectiveness.