1. Controller
The data controller responsible for personal data processed on this site is:
Machine Learning & Artificial Intelligence
Blombergstraße 11 C
82393 Iffeldorf, Germany
Phone: +49 (0) 171 8609029
Email: privacy@vigilsar.com
2. What data we collect
We minimise data collection. We process the following categories of personal data:
- Server logs — IP address, user agent, requested URL, timestamp, referrer. Retained for up to 14 days for security and debugging, then deleted.
- Contact form & email — name, email address, message content. Stored only for the duration needed to answer your inquiry.
- Account data (platform users only) — email address, hashed password or OAuth identifier, workspace membership, API keys you configure.
- Analytics — we use privacy-respecting, aggregated analytics. No third-party tracking cookies, no ad networks, no cross-site fingerprinting.
3. Legal basis for processing
- Art. 6 (1) (b) GDPR — performance of contract (platform access, demos).
- Art. 6 (1) (f) GDPR — legitimate interest (security logging, fraud prevention).
- Art. 6 (1) (a) GDPR — consent (newsletters, optional communications).
4. Cookies
The marketing site uses only strictly necessary first-party cookies (e.g., to remember your theme preference). No tracking cookies, no advertising cookies. The platform (app.vigilsar.com) uses a session cookie to keep you logged in.
5. Third-party services
VigilSAR fetches open Earth-observation data from external providers on your behalf when you submit a search request. Your search geometry (polygon coordinates) and time range are forwarded to these providers so they can return matching imagery:
- Copernicus Data Space Ecosystem (ESA)
- NASA Earthdata / ASF DAAC
- ICEYE public STAC catalogue
- OpenStreetMap Overpass API, Open-Meteo, USGS, NASA FIRMS, OpenSky
- aisstream.io (AIS vessel stream)
These providers are independent controllers for their own data. No personally identifying information is shared with them.
6. Data retention
Server logs: up to 14 days. Contact inquiries: up to 24 months. Account data: until deletion is requested or the account is inactive for 36 months.
7. Your rights (GDPR)
You have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Erasure / "right to be forgotten" (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- Lodge a complaint with a supervisory authority
To exercise any of these rights, email privacy@vigilsar.com. We respond within 30 days.
8. Security
All data is transmitted over TLS 1.2+. Passwords are hashed with bcrypt. The platform supports self-hosting so that sensitive operational data never leaves your network.
9. Changes to this policy
We may update this policy to reflect product or legal changes. Material changes will be announced on this page with a revised "last updated" date.
10. Contact
Questions about this policy? Email privacy@vigilsar.com.