ShotKit Privacy Policy

Effective 2026-05-05. Last updated 2026-05-05.

ShotKit is a flight mission planner for DJI drones. This policy describes what data we collect, why we collect it, how it's stored, and how you can ask for it back or have it deleted. The policy applies to the ShotKit web app (shotkit.stewartb.workers.dev) and the ShotKit mobile apps for iOS and Android.

If you have questions, write to ai@stewart-burton.com.

1. What we collect

Account data

• Email address. Required to create an account, sign in, and recover access. Treated as the primary user identifier.
• Password (hashed). Stored only as a PBKDF2 hash. We never see or store the plaintext.
• Account tier and usage counters. Whether you're on Free or Pro, plus monthly/hourly mission generation counts used to enforce rate limits.

Mission data

• Subject coordinates. The lat/lng of the location you're planning to shoot. Required to generate the flight mission.
• Mission name, prompt text, drone selection, generated waypoints, optional director note, optional tags, and optional planned shoot moment. Stored on our database so you can return to the mission later.
• Saved Locations / pins. Personal location pins you create are stored on our database so they sync across your devices. Pin names are user-supplied and treated as private.

AI prompts

• The natural-language prompt you submit to the "Generate mission" or "Inspire" features is sent to Anthropic's Claude API and to ShotKit's servers. The prompt and Claude's response are stored as part of the mission record so you can re-export it.

Telemetry

• Crash reports and basic usage metrics. On iOS, collected via Apple TestFlight Crashes / App Store Connect Crashes. On Android, via Google Play Console's Android Vitals. We don't ship a third-party crash SDK. Both platforms only collect from users who opt in to diagnostics sharing.
• Server access logs. Standard Cloudflare Worker logs (timestamp, IP, path, status). Retained 7 days, used for abuse triage and debugging.

2. What we do NOT collect

• Background location, contacts, photos, browsing history, advertising identifiers, social-graph data, or any biometrics.
• We do not track you across other apps or websites.
• We do not run ad networks or share data with advertisers.

3. Why we collect it

• To run the service. Mission data, prompts, and waypoints are needed for the core feature: generating and exporting a flight plan.
• To bill correctly. Pro tier upgrades go through StoreKit (iOS) or Play Billing (Android) via RevenueCat. We receive a tier flag from RevenueCat; we don't see your card details.
• To prevent abuse. Rate limits and access logs stop credential-stuffing and AI-prompt-spam attacks.

4. Where it's stored

• Cloudflare D1 (our primary database, EU-West region) for account records, mission records, and saved location pins.
• Cloudflare KV for rate-limit counters and short-lived sessions.
• Cloudflare Workers for request handling. No data is stored on the Workers themselves.
• Anthropic (US) processes AI prompts in transit. Per Anthropic's policy as of writing, prompts are not used to train future models when sent via the API.
• Open-Meteo (EU) handles weather queries. We send only the subject's lat/lng; no account identifier.
• Google (Maps Platform) handles Elevation, Places (autocomplete), Map tiles, and the Photorealistic 3D Tile rendering. We send only the coordinates needed for the call; no account identifier.
• Esri serves the satellite imagery tiles bundled into Field Pack KMZ exports. Same: coordinates only, no account identifier.

5. Sharing

We do not sell, rent, or trade your data. We share it only:

• With the third-party services listed in §4 above, strictly to provide the corresponding feature.
• If we receive a valid legal request (subpoena, court order). We will notify you unless legally prohibited from doing so.

6. Retention

• Account data: kept while your account exists. Delete your account and we delete the row.
• Mission data, prompts, waypoints, saved pins: kept while your account exists. Foreign-key cascades on user delete remove them automatically.
• Server access logs: 7 days.
• Crash reports: retained per Apple's / Google's retention defaults (typically 90 days).

7. Your rights

You can:

• Access your data. Email ai@stewart-burton.com from your account address. We respond within 14 days.
• Correct inaccuracies. Most fields are editable in the app (mission name, director note, tags, saved pin names). Email if you need help with anything else.
• Delete your account. Email the address above. We delete your account and cascade-delete your missions, pins, and prompts within 14 days. Confirmation will be sent.
• Export your data. Email the address above. We send a JSON export of your account, missions, and pins.

8. Children

ShotKit is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, email us and we will delete it.

9. Changes to this policy

If we materially change this policy, we'll update the "last updated" date at the top and notify active users by email at least 14 days before the change takes effect.

10. Contact

Stewart Burton (operator and data controller) - ai@stewart-burton.com