Privacy Policy

1. Introduction

DFW Site Metrics LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our drone volumetric measurement services and digital platform ("Services"). By creating an account or using our Services, you consent to the data practices described in this policy. This policy should be read in conjunction with our Terms of Service.

2. Data Ownership

Raw data collected during drone operations — including aerial imagery, point clouds, orthomosaic maps, and GPS flight data — is the exclusive property of DFW Site Metrics LLC. Final reports and volumetric measurement data are licensed to you under a perpetual, non-exclusive license as described in Section 9 of our Terms of Service. For complete details on data ownership, client data licensing, and retention rights, see Section 9 of our Terms of Service.

3. Information We Collect

3.1 Information You Provide

• Account Information: Full name, email address, phone number, company name, job title
• Site Information: Physical addresses, GPS coordinates, access instructions, emergency contacts, site names
• Material Data: Material types, density factors, pricing information, proctor data, scale calibration records
• Payment Information: Credit card details and billing information (processed securely through Stripe; we do not store full card numbers)
• Uploaded Documents: Scale tickets, delivery records, mill certificates, lab reports, belt scale readings, batch ticket logs, and other documents you upload for processing
• Communications: Messages, support requests, and correspondence you send to us

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken on the Platform, timestamps of activity
• Device Information: Browser type and version, operating system, screen resolution
• Network Information: IP address, approximate geographic location derived from IP
• Session Data: Authentication tokens, session identifiers, session duration
• Cookies: Essential cookies for authentication and platform functionality (see Section 14)
• Shared Link Access Data: IP addresses and timestamps of individuals who access reports via shared links

IP addresses collected during session tracking are partially masked (last octet removed) before storage to minimize personal data retention. Full IP addresses are not stored beyond the active request.

3.3 Survey Data

• Aerial Imagery: High-resolution photographs and video captured by our drone equipment during site surveys
• Geolocation Data: GPS coordinates of survey boundaries and stockpile locations
• Measurement Data: Volumetric calculations, surface area measurements, elevation models, cut/fill analyses
• Environmental Data: Weather conditions at time of survey, flight parameters, equipment metadata

Note: GPS coordinates and precise geolocation data collected during drone surveys may constitute sensitive personal data under applicable privacy laws, including the TDPSA and CCPA. We process this data only as necessary to provide the Services and apply the security measures described in Section 8. We do not use geolocation data for purposes beyond service delivery, site identification, and compliance.

4. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Performing drone surveys, processing photogrammetric data, generating reports, and providing platform access
• Account Management: Creating and managing your account, processing payments, communicating about your service
• Platform Improvement: Analyzing usage patterns to improve features, fix bugs, and enhance user experience
• Communications: Sending service updates, scheduling notifications, report delivery alerts, billing reminders, and security notices
• Compliance: Meeting legal obligations, responding to regulatory requests, and maintaining audit trails
• Safety and Security: Detecting and preventing fraud, unauthorized access, and abuse of our services
• Data Analysis: Creating anonymized and aggregated datasets for market research and industry analysis (see Section 6)

4.5 Communication Preferences

SMS Communications. We may send you two categories of text messages: (a) transactional messages relating to your account and Services (e.g., flight scheduling, report delivery, calibration reminders), and (b) marketing messages (e.g., promotions, new feature announcements). We will only send marketing messages with your prior express written consent, which you may provide through our self-service confirmation page. For transactional messages, your designated representative may provide consent on your behalf by recorded verbal affirmation or documented written confirmation. Message frequency varies; message and data rates may apply. Reply STOP to opt out of all marketing messages from any number we use, or HELP for help. Opting out of marketing messages does not affect transactional messages necessary to provide the Services. You may also manage SMS preferences in your account settings.

Email Communications. Email notifications include unsubscribe links in accordance with CAN-SPAM requirements. Transactional emails (account setup, report delivery, security alerts) cannot be unsubscribed from while your account is active.

Essential Communications. You cannot opt out of essential service communications such as security alerts, breach notifications, legal notices, and Terms of Service updates.

5. Data Processing Chain

Your data is processed through the following chain in the course of our Services:

1. Data Capture: DFW Site Metrics conducts drone flights at your site, collecting aerial imagery and GPS data using commercial-grade equipment.
2. Photogrammetric Processing: Raw imagery is processed into orthomosaic maps, point clouds, and elevation models using software operated by DFW Site Metrics on U.S.-based cloud infrastructure (see Section 16).
3. Volumetric Analysis: DFW Site Metrics retrieves processed outputs and applies proprietary analysis methods to calculate volumes, tonnages, and generate comparative reports.
4. Delivery and Storage: Final reports and data are stored on our Platform and made available through your account dashboard. Platform hosting, database, and delivery providers are listed in Section 7.

By using our Services, you acknowledge and consent to this processing chain.

6. Anonymized and Aggregated Data

DFW Site Metrics may create anonymized and aggregated datasets from information collected through our Services. Anonymized data is stripped of all personally identifiable information and any information that could reasonably be used to identify a specific client, company, or site location. We may use, sell, license, publish, or otherwise commercialize anonymized and aggregated data for lawful purposes including:

• Regional and industry-level inventory trend analysis
• Construction and aggregate market research
• Academic and industry publications
• Benchmarking services for the construction materials industry

We do not currently sell personal information as defined by applicable privacy laws. If our practices change in the future, we will update this policy and provide notice as required by law.

7. Information Sharing and Third-Party Services

We do not sell your personal information. We share information with the following categories of recipients:

Service Providers (Data Processors)

• Supabase (Functional, Inc.): Authentication and database hosting. Data shared: account data, all platform data.
• Stripe: Payment processing (PCI DSS Level 1 compliant). Data shared: payment card details, billing address, email address, transaction amounts, and purchase metadata. Stripe processes payments in accordance with its own privacy policy (stripe.com/privacy). We do not store full credit card numbers on our servers.
• Vercel: Application hosting and CDN. Data shared: all platform traffic and data.
• Resend: Transactional email delivery. Data shared: email addresses, notification content.
• Twilio: SMS notification delivery. Data shared: phone numbers, message content.
• Anthropic (Claude AI): AI-assisted document extraction and report narrative generation. Data shared: (a) uploaded documents (scale tickets, calibration certificates, proctor sheets, lab reports, batch tickets, invoices, belt scale totalizer photos) submitted for processing; (b) CSV column headers and sample rows from uploaded import files for schema mapping; and (c) summary figures from monthly intelligence reports (inventory values, reconciliation variances, material names and grades, and anomaly descriptions) used to generate the executive-summary narrative. No raw aerial imagery, site coordinates, or end-user personal data is sent to Anthropic. Anthropic processes data in accordance with its own privacy policy.

Each provider operates under their own privacy policies and is contractually bound to use data only for the specified purposes.

Other Disclosures

• Professional Advisors: Lawyers, accountants, and auditors when reasonably necessary.
• Law Enforcement: When required by law, subpoena, court order, or to protect rights and safety.
• Business Transfers: In connection with a merger, acquisition, or sale of substantially all assets, with notice to affected users.
• With Your Consent: When you explicitly authorize sharing (e.g., using our shared links feature to share reports with auditors or lenders).
• Federal Aviation Administration (FAA): Flight authorization data is shared with the FAA through the LAANC (Low Altitude Authorization and Notification Capability) system as required for legal drone operations in controlled airspace. Additionally, drone operations broadcast location information via Remote ID as required by 14 CFR Part 89.

8. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data encrypted in transit (TLS/HTTPS) and at rest
• Access Controls: Role-based access control, row-level security (RLS) at the database level
• Authentication: Secure authentication with session management, rate limiting, and account lockout protections
• Audit Logging: Comprehensive logging of administrative actions and security-relevant events
• Session Management: Active session tracking with heartbeat monitoring, automatic timeout, and remote session revocation
• Infrastructure: Enterprise-grade cloud infrastructure with automated security patching

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a security breach involving your personal information, we will:

• Investigate the incident promptly and take steps to contain and remediate the breach
• Notify affected users without unreasonable delay, as required by applicable law (including Texas Business and Commerce Code Section 521.053)
• Provide notification via email to the address associated with your account, and where required by law, by additional methods such as conspicuous posting on our website
• Include in the notification: a description of the incident, the types of information involved, steps we are taking in response, and recommendations for actions you can take to protect yourself
• Notify the Texas Attorney General if the breach affects 250 or more Texas residents, as required by law
• Cooperate with law enforcement as appropriate

We maintain an incident response plan and conduct periodic reviews to ensure preparedness.

10. Data Retention

We retain different categories of data for different periods:

After the applicable retention period, data is securely deleted or irreversibly anonymized. You may request earlier deletion of your personal data (see Section 11), subject to our legal retention obligations.

11. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Deletion: Request deletion of your personal data, subject to legal retention requirements
• Right to Data Portability: Request your data in a commonly used, machine-readable format
• Right to Object: Object to certain processing activities
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Opt Out of Sale: Opt out of the sale of your personal information (we do not currently sell personal information)
• Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@dfwsitemetrics.com. We will respond within the timeframes required by applicable law (generally 45 days).

12. Texas Data Privacy and Security Act (TDPSA) Compliance

If you are a Texas resident, you have the following rights under the TDPSA:

• Right to Know: What personal data we collect and how it is used
• Right to Access: Obtain a copy of your personal data
• Right to Correct: Correct inaccuracies in your personal data
• Right to Delete: Request deletion of your personal data
• Right to Data Portability: Receive your data in a portable format
• Right to Opt Out of Sale: We do not currently sell personal data; anonymized/aggregated data as described in Section 6 does not constitute personal data under the TDPSA
• Right to Opt Out of Targeted Advertising: We do not engage in targeted advertising
• Right to Opt Out of Profiling: We do not engage in profiling that produces legal or similarly significant effects

Universal Opt-Out Signals: We recognize and honor Global Privacy Control (GPC) and similar universal opt-out signals as required by the TDPSA. However, as we do not currently sell personal data or engage in targeted advertising, these signals do not result in a change to our processing activities — our default behavior already aligns with opt-out preferences.

To Exercise Your Rights: Contact privacy@dfwsitemetrics.com with your request.

Response Timeline: We will acknowledge your request within 10 business days and respond substantively within 45 days. If additional time is needed, we will notify you of a 45-day extension.

Appeal Process: If your request is denied, you may appeal by contacting us at privacy@dfwsitemetrics.com with "TDPSA Appeal" in the subject line. We will respond to appeals within 60 days.

13. California Consumer Privacy Act (CCPA) Compliance

If you are a California resident, you have additional rights under the CCPA:

Categories of Personal Information Collected

• Identifiers (name, email, phone, IP address)
• Commercial information (purchase history, subscription status)
• Internet/electronic activity (usage data, session data)
• Geolocation data (site coordinates, IP-derived location)
• Professional information (company name, job role)

Your CCPA Rights

• Right to Know: What personal information is collected, used, and disclosed
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information we hold about you
• Right to Opt-Out of Sale: We do not sell personal information as defined by the CCPA; anonymized and aggregated data is not "personal information" under the CCPA
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Authorized Agents: You may designate an authorized agent to make requests on your behalf with proper verification

To exercise CCPA rights, contact privacy@dfwsitemetrics.com or call (469) 402-2861.

14. Cookies and Tracking

We use only essential cookies required for platform functionality:

• Authentication Cookies: Maintain your logged-in session
• Security Cookies: CSRF protection and rate limiting
• Preference Cookies: Remember your display preferences

We do not use third-party advertising cookies, tracking pixels, or behavioral analytics tools. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using the Platform.

15. Children's Privacy

Our Services are intended for business use by individuals 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from someone under 18, we will promptly delete it.

16. International Data Transfers

Our Services are operated from the United States. All data is processed and stored within the United States using U.S.-based cloud infrastructure providers, including the application hosting, database, and photogrammetric compute environments described in Section 5 and the service providers listed in Section 7. If you access our Services from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

17. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will provide at least 30 days' notice via email and/or notification on the Platform. We may require you to re-acknowledge updated policies before continuing to use the Services. The version number at the top of this page indicates the current version. Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.

18. Contact Information

For questions about this Privacy Policy or our data practices:

DFW Site Metrics LLC
Privacy Inquiries
Email: privacy@dfwsitemetrics.com
Phone: (469) 402-2861
Rowlett, Texas

For TDPSA or CCPA requests, please include "Privacy Rights Request" in your subject line.

Version History