Privacy Policy – Pavaman Aviation Drone App

Introduction
Scope & Applicability
Information We Collect
Why We Collect This Data (Purpose & Legal Basis)
Location Data Collection
DGCA Compliance & DigitalSky Platform
Pilot Responsibilities
Data Storage & AWS Encryption
Cross-Border Data Transfers
Geofencing & No-Fly Zone Enforcement
Data Retention Policy
Third-Party Sharing & Disclosure
User Rights (DPDP Act 2023)
Children's Privacy
Data Breach Notification
Developer Liability & Disclaimer
Grievance Officer & Redressal
Changes to This Policy
Contact Us

1 Introduction

This Privacy Policy describes how Pavaman Aviation ("Developer," "we," "us," or "our") collects, uses, stores, and protects personal and operational data through our drone management Android application ("App").

By installing, registering, or using this App, you explicitly consent to the practices described in this policy. If you do not agree, please discontinue use of the App immediately.

This policy is prepared in compliance with:

The Digital Personal Data Protection (DPDP) Act, 2023 (India)
The Drone Rules, 2021 issued by DGCA
The Information Technology Act, 2000 and IT (Amendment) Rules
The Bharatiya Vayuyan Adhiniyam, 2024
Guidelines issued by DGCA's DigitalSky Platform

2 Scope & Applicability

This policy applies to all users of the App, including registered drone pilots, drone operators, fleet managers, and any individual who accesses the App's services.

The App is intended for use within the Republic of India only, in accordance with DGCA regulations. Unauthorized use in restricted airspace or foreign jurisdictions is strictly prohibited.

3 Information We Collect

We collect the following categories of data:

Category	Specific Data Points	Mandatory/Optional
User Registration	Full name, email address, mobile number	Mandatory
Drone/Device Data	Unique Identification Number (UIN), drone make/model, firmware version, serial number	Mandatory
Location Data	Real-time GPS coordinates, flight path, takeoff/landing locations, altitude	Mandatory during flight
Flight Logs	Date/time of flights, duration, distance, speed, battery status, flight status	Mandatory
Device Information	Android device ID, OS version, app version, IP address	Automatic
Sensor & Telemetry Data	IMU data, camera metadata (if applicable), payload data	Automatic during flight
Communications	Feedback, support requests, in-app messages	Optional

We practice data minimisation — we only collect data that is strictly necessary for the purposes described in this policy.

4 Why We Collect This Data (Purpose & Legal Basis)

Under the DPDP Act 2023, we must have a lawful basis for processing your data. We collect data for the following purposes:

App functionality & service delivery – To enable drone registration, flight planning, and operational management.
DGCA regulatory compliance – To maintain flight logs and submit reports as required under the Drone Rules, 2021.
Safety & airspace management – To enforce NPNT (No Permission No Takeoff), geofencing, and real-time airspace compliance.
User authentication & security – To verify pilot credentials and prevent unauthorized use.
Customer support – To respond to queries, complaints, and feedback.
Product improvement – Aggregated and anonymized data may be used to improve app features.
Legal obligations – To comply with lawful requests from DGCA, law enforcement, or courts.

5 Location Data Collection

Important: This App collects precise real-time GPS location data from your device and the drone during flight operations. This is essential for DGCA compliance and operational safety.

Specifically, we collect:

Your device's GPS location (pilot's ground position)
The drone's real-time GPS coordinates throughout the flight
Takeoff and landing coordinates
Flight path (full route trajectory)
Altitude above ground level (AGL)

Why location data is mandatory: Under DGCA Drone Rules 2021, all drones must support NPNT and real-time tracking via the Digital Sky platform. Our App fulfills this requirement. Disabling location access will prevent the App from functioning.

Background Location: If your Android device prompts for "Allow all the time" location permission, this is required for active flight monitoring. We do not collect location when the App is not in use or when no flight is active.

Consent: By granting location permission, you provide explicit, verifiable consent as required under the DPDP Act 2023. You may withdraw consent at any time by revoking the permission in your device settings, which will disable flight features.

6 DGCA Compliance & DigitalSky Platform

Our App is designed to operate in alignment with the DGCA Drone Rules, 2021 and integrates with the DigitalSky Platform (digitalsky.dgca.gov.in) for the following:

NPNT (No Permission No Takeoff): Flights are automatically blocked in restricted zones without a valid DGCA permission artefact.
UIN Verification: All drones must have a valid Unique Identification Number registered on DigitalSky.
Remote Pilot Certificate (RPC): Commercial operators must hold a valid RPC issued by a DGCA-approved RPTO.
Flight Logging: All flight data is logged in the format prescribed by DGCA and may be submitted to the Digital Sky platform as required.
Airspace Classification: The App enforces Green, Yellow, and Red zone airspace rules:
- Green Zone: No prior permission needed below 400 ft.
- Yellow Zone: Permission required before flying.
- Red Zone: No drone operations permitted.

Flight data shared with the DigitalSky Platform is governed by DGCA's own privacy terms. We are not responsible for DGCA's data handling practices.

7 Pilot Responsibilities

All registered pilots and operators using this App bear personal responsibility for the following:

Complying with all applicable DGCA guidelines, Drone Rules 2021, and the Bharatiya Vayuyan Adhiniyam, 2024.
Obtaining necessary flight permissions via the DigitalSky platform before every flight in controlled airspace.
Holding a valid Remote Pilot Certificate (RPC) for commercial drone operations.
Ensuring the drone holds a valid UIN and type certification.
Maintaining Visual Line of Sight (VLOS) at all times unless BVLOS permission is explicitly granted.
Refraining from flying over private property, sensitive areas, crowds, hospitals, schools, or government buildings without explicit authorization.
Obtaining explicit consent from individuals before capturing identifiable images or videos.
Not sharing App credentials with unauthorized persons.
Reporting any incidents, accidents, or near-misses to DGCA as legally required.

Violation of DGCA regulations may result in suspension of pilot privileges, cancellation of UIN, monetary penalties, or criminal liability under applicable Indian law. The App Developer shall not be liable for any violation by pilots.

8 Data Storage & AWS Encryption

All data collected by this App is securely stored on Amazon Web Services (AWS) infrastructure using industry-standard practices:

Encryption at rest: All stored data is encrypted using AES-256 encryption.
Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2/1.3 protocols (HTTPS).
Access controls: Only authorized personnel have access to raw user data, governed by role-based access control (RBAC).
AWS Security Certifications: AWS infrastructure complies with ISO 27001, SOC 2, and other international security standards.
Backup & redundancy: Data is backed up regularly to prevent accidental loss.
Secure API: All App-to-server communication uses authenticated, signed API calls to prevent interception or replay attacks.

9 Cross-Border Data Transfers

Amazon Web Services may store and process your data in data centers located outside India (e.g., Singapore, US East). By using this App, you consent to this transfer.

We ensure that such transfers are protected by:

AWS Data Processing Agreements (DPA) with standard contractual clauses.
AWS compliance with international privacy frameworks.
End-to-end encryption ensuring data remains secure regardless of storage location.

We will migrate to AWS India (ap-south-1) region to the extent possible to keep data within Indian jurisdiction, in alignment with anticipated DPDP Act 2023 rules on data localisation.

10 Geofencing & No-Fly Zone Enforcement

Our App implements geofencing technology that automatically restricts drone operations in unauthorized zones:

Real-time cross-referencing with DGCA's Digital Sky airspace map.
Automatic flight blocking in Red Zones (restricted/prohibited areas).
Warning alerts when approaching Yellow Zones requiring permissions.
Enforcement of altitude limits (maximum 400 ft / 120 m AGL in Green Zones).
Restricted zones include: airports, international borders (minimum 25 km buffer), military installations, nuclear plants, and government-notified sensitive areas.

Geofencing data is pulled from live DGCA databases and updated regularly. The accuracy of geofence boundaries depends on the currency of DGCA's data. Pilots remain personally responsible for verifying flight permissions.

11 Data Retention Policy

We retain all collected data indefinitely. Flight logs, location data, telemetry, and operational records form part of a mandatory regulatory audit trail and must be preserved to ensure compliance with DGCA regulations and to support security audits.

Data Type	Retention Period	Reason
User account data	Indefinite	Audit integrity and security
Flight logs & telemetry	Indefinite	Regulatory compliance, processing logs, and security audits
Location data	Indefinite	Safety investigations and audit trail
Support communications	Indefinite	Dispute resolution and compliance records
Device & app logs	Indefinite	Security auditing and fraud prevention

After the retention period expires, Users cannot request deletion of flight or operational data. Deletion of such records would compromise the integrity of the audit trail and may constitute a violation of applicable laws and DGCA regulations.

12 Third-Party Sharing & Disclosure

We do not sell your personal data to third parties. We may share data in the following circumstances:

DGCA / DigitalSky Platform: Flight logs, UIN data, and pilot credentials are shared as mandated by the Drone Rules, 2021.
Amazon Web Services (AWS): Our cloud hosting and storage provider. AWS acts as a data processor under our agreement.
Law enforcement & regulatory authorities: Where required by law, court order, or lawful request from DGCA, MoCA, or other government agencies.
Analytics providers: Anonymized and aggregated data may be shared with analytics tools for app improvement. No personally identifiable information is shared.
Emergency situations: In case of a reported drone accident or incident, relevant flight data may be shared with emergency responders or DGCA accident investigation teams.

We are legally obligated to share flight data with DGCA upon request. You cannot opt out of this disclosure as it is a mandatory regulatory requirement under the Drone Rules, 2021.

13 Your Rights Under the DPDP Act 2023

As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access: Request a copy of all personal data we hold about you.
Right to Correction: Request correction of inaccurate or incomplete data.
Right to Withdraw Consent: Withdraw consent for future data collection not required by law. Note: Withdrawing location consent will disable flight features. Previously collected flight and operational data cannot be deleted as it forms part of a mandatory audit trail.
Right to Grievance Redressal: Lodge complaints with our Grievance Officer (see Section 17).
Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity.

To exercise any of these rights (other than deletion of flight or operational data, which is not permitted under our retention policy), email us at pavaman.official@gmail.com with the subject line "DPDP Rights Request." We will respond within 30 days of receiving your request.

14 Children's Privacy

This App is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. Drone operations under DGCA rules require pilots to be at least 18 years of age to hold a Remote Pilot Certificate.

If we become aware that a minor has registered on the App, we will immediately suspend the account and delete the associated data. If you believe a minor has accessed our App, please contact us at pavaman.official@gmail.com.

15 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the Data Protection Board of India (once constituted under DPDP Act 2023) within the prescribed timeline.
Notify affected users via email and in-app notification within 72 hours of becoming aware of the breach.
Provide details of: the nature of the breach, data compromised, likely consequences, and remedial steps taken.
Take immediate technical measures to contain the breach and prevent recurrence.

Immediately change your App password and contact us if you suspect unauthorized access to your account.

16 Developer Liability & Disclaimer

While we take every reasonable measure to provide a secure and reliable service, the following limitations apply:

The App is provided "as is" and we do not guarantee uninterrupted availability or error-free operation.
We are not liable for any damages arising from incorrect use of the App, violations of DGCA regulations by pilots, or third-party service failures (including AWS outages).
We are not responsible for any accidents, property damage, bodily injury, or third-party claims arising from drone operations conducted using this App. Pilots and operators bear full personal legal responsibility.
Geofencing data is sourced from DGCA databases and may not always reflect real-time changes. Pilots must independently verify airspace restrictions before every flight.
We recommend all operators obtain adequate third-party liability insurance as recommended by DGCA for commercial drone operations.

Nothing in this disclaimer limits our liability where such limitation is prohibited by applicable Indian law.

17 Grievance Officer & Redressal

In compliance with the DPDP Act 2023 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated a Grievance Officer:

Grievance Officer: Pavaman Aviation

Email: pavaman.official@gmail.com

Response Time: We will acknowledge grievances within 48 hours and resolve them within 30 days of receipt.

Escalation: If unsatisfied with our resolution, you may approach the Data Protection Board of India once it becomes operational under the DPDP Act 2023.

18 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, DGCA regulations, or our data practices. We will notify you of material changes by:

Posting the updated policy within the App and on our support page.
Sending an email notification to your registered email address.
Requiring re-acceptance of the updated policy upon next App login.

Your continued use of the App after being notified of changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

19 Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Developer: Pavaman Aviation