Last updated: 14 April 2026
This privacy policy explains what personal data we process when you visit this website, contact us, register for a user account, buy DLSE software licenses, or buy physical goods in the DroneBridge Shop. Personal data is any information that can identify you directly or indirectly.
We collect data that you provide to us, for example through contact forms, account registration, checkout, payment, billing, shipping, support requests or license activation workflows. We also collect technical data automatically when you use the website, such as access times, browser data and security-related request data.
We process data to operate this website, provide secure access to accounts, process orders and payments, issue invoices, deliver software licenses and physical goods, send transactional emails, handle support, prevent abuse and comply with legal obligations.
You have the right to information, correction, deletion, restriction of processing, data portability and objection within the limits of applicable law. If processing is based on consent, you can withdraw that consent at any time for the future. You also have the right to lodge a complaint with a data protection supervisory authority.
The controller responsible for data processing on this website is:
foremost systems UG (haftungsbeschränkt)
Wagnergasse 9
84034 Landshut
Germany
E-mail: info@foremost-systems.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
This website and related application functions are hosted and protected using services provided by Cloudflare. Depending on the function used, this includes content delivery, security filtering, serverless application execution, database storage and key-value storage.
Cloudflare may process technical data such as IP addresses, request metadata, browser information, security events and server logs. For shop and account functions, application data may also be stored or processed in Cloudflare Workers, Cloudflare D1 and Cloudflare KV. This can include cart identifiers, cart contents, account data, order data, license data and technical processing records.
The legal bases are Art. 6(1)(b) GDPR where processing is required to provide requested website, account, checkout, order or license functions, Art. 6(1)(f) GDPR for secure and efficient operation of the website, and Art. 6(1)(c) GDPR where processing is required to comply with legal obligations.
Further information is available from Cloudflare: Cloudflare DPA and Cloudflare SCCs.
We process personal data on the following legal bases, depending on the specific processing activity:
If we store information on your device or access information on your device, this is done in accordance with § 25 TDDDG. Technically necessary storage, such as a shopping cart cookie, can be used without consent where it is required to provide a service expressly requested by you.
Unless a more specific storage period is stated below, personal data is stored only for as long as necessary for the relevant purpose. Data may be stored longer if statutory retention duties apply, for example under commercial or tax law, or if we need the data to establish, exercise or defend legal claims.
Order, invoice, accounting and payment records are generally retained for 10 years where required under German tax and commercial law, in particular § 147 AO and § 257 HGB. Business letters and commercial correspondence are generally retained for 6 years where required under these rules. Cart data is short-lived and is generally retained for up to 24 hours or until the cart is cleared. Account and license data is retained for as long as the account or license relationship exists and thereafter only as long as legally required or necessary for legitimate claims.
If you contact us by contact form, e-mail or other communication channels, we process the data you provide, such as name, e-mail address, message content and related metadata, to handle your request and follow-up questions.
The legal basis is Art. 6(1)(b) GDPR where the request relates to a contract or pre-contractual measures. Otherwise, processing is based on Art. 6(1)(f) GDPR, our legitimate interest in responding to inquiries. If consent is requested, processing is based on Art. 6(1)(a) GDPR.
You can register for a user account to manage DLSE software licenses, purchases and related downloads or account functions. During registration and account use, we may process the following data:
We process this data to create and manage your account, verify your e-mail address, process DLSE license purchases, provide license credits or activation data, make downloads or documents available, issue invoices, provide support and prevent misuse.
The legal bases are Art. 6(1)(b) GDPR for account creation, login, license purchase and contract performance, Art. 6(1)(c) GDPR for accounting, tax and legal retention duties, and Art. 6(1)(f) GDPR for security, fraud prevention, abuse prevention and support.
When you use the DroneBridge Shop for physical goods, we process data needed to provide the cart, checkout, inventory reservation, order handling, shipping and customer communication.
Cart data can include a cart ID, product or Stripe price IDs, quantities and cart timestamps. The cart ID is
stored in the technically necessary cookie shop_cart_id. Cart contents are stored server-side
and are generally retained for up to 24 hours or until the cart is cleared.
Order data can include the Stripe Checkout session ID, payment intent ID, invoice ID, invoice URL, customer e-mail address, shipping country, shipping address, billing address, purchased items, quantities, prices, taxes, order status, tracking number, tracking URL and timestamps.
The legal bases are Art. 6(1)(b) GDPR for cart, checkout, order and shipping processing, Art. 6(1)(c) GDPR for invoices, accounting and tax duties, and Art. 6(1)(f) GDPR for inventory reservation, fraud prevention, support and operational reliability.
We use Stripe to process payments, create checkout sessions, create customer records where required, support invoices, calculate taxes where enabled, and receive payment/order status through Stripe webhooks.
During checkout, Stripe may process data such as name, e-mail address, billing address, shipping address, payment method details, transaction amount, currency, purchase date, payment status, invoice data, device and browser data, fraud prevention data and authentication data. Payment details such as card numbers or CVC are entered with Stripe and are not stored by us.
We may receive and store Stripe identifiers and order-related data, such as customer ID, checkout session ID, payment intent ID, invoice ID, invoice URL, payment status, line items, billing address, shipping address and e-mail address, where needed for order processing, accounting, support and fraud prevention.
The legal bases are Art. 6(1)(b) GDPR for payment and contract processing, Art. 6(1)(c) GDPR for accounting and tax obligations, and Art. 6(1)(f) GDPR for secure payment processing, fraud prevention and dispute handling.
Stripe may act as a processor for us and as an independent controller for certain regulatory, fraud prevention and payment network purposes. Further information is available in Stripe's privacy policy: https://stripe.com/privacy.
For physical goods, we process shipping data to deliver your order. This can include recipient name, shipping address, e-mail address, order contents, product descriptions, order value, customs information, tracking number and tracking URL.
We may share the data required for delivery with shipping carriers, postal service providers, customs authorities, export/import service providers or other logistics partners where necessary for delivery, customs clearance, export checks, tracking or legal compliance.
The legal bases are Art. 6(1)(b) GDPR for delivery of the order, Art. 6(1)(c) GDPR for customs, export, accounting or tax obligations, and Art. 6(1)(f) GDPR for reliable logistics and shipment tracking.
We use Resend, Inc. to send transactional e-mails. These can include account verification, password reset, order confirmations, software download messages, invoice links, shipping notifications, tracking information and support-related e-mails.
Data processed for e-mail delivery can include the recipient e-mail address, name where available, order or license identifiers, purchased items, shipping address information included in order confirmations, invoice links, tracking information and e-mail delivery metadata.
The legal bases are Art. 6(1)(b) GDPR for transactional e-mails needed to provide accounts, licenses, orders and support, Art. 6(1)(c) GDPR where e-mails are required for legal obligations, and Art. 6(1)(f) GDPR for reliable delivery and operational security.
Resend acts as a processor for e-mail delivery. Resend states that customer data is stored in the United States and that its DPA includes Standard Contractual Clauses for EU-US transfers. Further information: https://resend.com/security/gdpr and https://resend.com/security.
We use Simple Analytics to understand how the website is used and to measure selected events, such as product views, downloads or button clicks. We use this information to improve the website and understand which pages and features are useful.
Simple Analytics describes its service as privacy-friendly analytics without tracking cookies. The legal basis is Art. 6(1)(f) GDPR, our legitimate interest in measuring and improving the website in a privacy-friendly way. Further information is available at: https://docs.simpleanalytics.com/privacy.
Simple Analytics is based in the EU; no international transfer.
We use Cloudflare Turnstile to protect forms and website functions from automated abuse, spam and attacks. Turnstile checks whether interactions are likely to come from a human user or automated software.
For this purpose, Cloudflare may process technical data such as IP address, browser and device information, interaction data, page data and security signals. The legal basis is Art. 6(1)(f) GDPR, our legitimate interest in protecting this website from abuse. Any access to or storage of information on your device that is necessary for this protection function is based on the technically necessary exemption under § 25(2) TDDDG and does not require consent.
Further information is available from Cloudflare: https://www.cloudflare.com/cloudflare-customer-dpa/.
We disclose personal data only where this is necessary for contract performance, legal obligations, legitimate interests, consent-based processing or other lawful reasons. Recipients can include hosting and infrastructure providers, payment providers, e-mail delivery providers, shipping carriers, customs authorities, tax advisors, authorities, courts, banks or other service providers required for website, account, shop, license, payment, delivery, accounting or support functions.
Where service providers act as processors, we use data processing agreements where required by Art. 28 GDPR.
Some providers may process data outside the European Union or European Economic Area, especially in the United States. Where required, transfers are based on adequacy decisions, EU Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, or other lawful transfer mechanisms.
This website uses SSL or TLS encryption to protect confidential content such as orders, login data and
inquiries. You can recognize an encrypted connection by the lock symbol in your browser and by the
https:// address.
You have the right to request information about your stored personal data, its origin, recipients and processing purposes. You also have the right to request correction and the right to erasure under Art. 17 GDPR where the legal requirements are met.
You have the right to request restriction of processing where the legal requirements are met, for example while the accuracy of data is being checked or where data is no longer needed by us but is needed by you for legal claims.
You have the right to receive data that we process automatically on the basis of consent or contract in a commonly used, machine-readable format, or to have it transferred to another controller where technically feasible.
If processing is based on consent, you can withdraw that consent at any time for the future. Processing carried out before withdrawal remains lawful.
If processing is based on Art. 6(1)(e) or Art. 6(1)(f) GDPR, you have the right to object at any time for reasons arising from your particular situation. If you object, we will no longer process the affected data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing, you have the right to object at any time. We will then no longer process the affected data for direct marketing.
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement.
We may update this privacy policy when the website, shop, account functions, service providers or legal requirements change. The version published on this page applies.