Privacy Policy

Last updated: March 16, 2026

1. Data We Collect

We collect data necessary to provide the Service. This includes:

Account Information

  • Email address, name, and password hash (passwords are never stored in plaintext)
  • Amateur radio callsign (when linked via QRZ or manual entry)
  • GX phone numbers and GX email addresses allocated to your account
  • Subscription status and payment information (processed by Stripe - we do not store full card numbers)

Device & Identity Data

  • Linked device identifiers: node IDs, callsigns, serial numbers, ICAO hex codes
  • Browser device fingerprint (for GRSM devices): a SHA-256 hash derived from browser and hardware characteristics (screen resolution, GPU renderer, CPU core count, timezone, user agent). This is deterministic device identification, not behavioral tracking - we do not track browsing activity, cookies, or cross-site behavior
  • Device metadata: user agent string, screen dimensions, platform (reported during GRSM registration)
  • Device telemetry from GRS Mesh firmware: battery voltage, GPS position (when GPS is enabled), signal strength, boot count, crash reports

Communication Data

  • APRS messages sent through the gateway (positions, messages, telemetry, objects)
  • SMS messages relayed through SMSSender (message content, sender, recipient, delivery status)
  • Mesh messages sent via GRS Mesh, Meshtastic, or MeshCore bridges
  • Voice room participation metadata (room ID, join/leave times) - voice audio is not recorded or stored
  • Email messages sent via GX email or Winlink bridge

Map & Location Data

  • GPS positions transmitted by your devices (APRS beacon, mesh beacon, ADS-B, AIS)
  • Organization zone boundaries and map annotations
  • RF scanner session data (signal types, frequencies, signal strengths - when you use the RF scanner feature)

Usage Data

  • Feature usage patterns and page views for product improvement
  • API usage (endpoint calls, rate limit events) for developer accounts
  • Compliance and audit logs (security-relevant actions: login, permission changes, device registrations)

2. How We Use Your Data

  • Operate the Service: route messages, display map data, manage device identities, process voice calls
  • Device identity and security: resolve inbound data to the correct user account, detect stolen or banned devices, enforce hardware bans
  • Compliance: enforce TCPA opt-in requirements for SMS, maintain FCC Part 97 compliance records, log security-relevant events for audit purposes
  • Abuse prevention: detect and prevent impersonation, spam, unauthorized device manipulation, and rate limit violations
  • Product improvement: analyze aggregate usage patterns to improve features (we do not use individual message content for this purpose)
  • Communications: send account-related notifications (password resets, subscription changes, device alerts)

We do not sell your personal data to third parties. We do not use your data for advertising targeting.

3. Data Sharing

We share data only as necessary to provide the Service:

  • APRS-IS network: APRS positions and messages are transmitted to the public APRS-IS network, which is inherently open. Anyone with an APRS receiver can see this data.
  • Meshtastic MQTT: messages sent via Meshtastic pass through the public Meshtastic MQTT broker (mqtt.meshtastic.org)
  • SMS provider (Vonage): phone numbers and message content are shared with our SMS provider for message delivery
  • Payment processor (Stripe): payment information is processed by Stripe under their privacy policy
  • Satellite provider (Iridium): Skybridge messages are transmitted via the Iridium satellite network
  • Weather services: your approximate location may be sent to weather API providers (RainViewer, OpenWeatherMap, NWS) to fetch local weather data
  • Organization members: within an organization, your name, callsign, role, and operational data are visible to other authorized members per the organization's access settings
  • Law enforcement: we may disclose data if required by law, court order, or government request

4. Device Fingerprinting

GRSM devices (browser-based mesh nodes) use a device fingerprint for persistent identity. This fingerprint is:

  • A SHA-256 hash of stable hardware signals: screen resolution, color depth, device pixel ratio, GPU renderer, CPU core count, timezone name, user agent, and touch capability
  • Stored in your browser's localStorage and on our server (associated with your user account)
  • Used only for device identification - analogous to reading a hardware MAC address, not behavioral tracking
  • Not shared with any third party
  • Automatically invalidated if you clear all site data, switch browsers, or use incognito mode

You may erase your GRSM device identity at any time using the "Erase All Content & Settings" option, which resets your device to factory state while preserving the underlying hardware identity for re-registration.

5. Data Retention

  • Account data: retained while your account is active, deleted upon account deletion request
  • Messages (APRS, SMS, mesh): retained for up to 90 days for delivery and debugging, then purged
  • Position data: retained for up to 30 days for map display, then aggregated or purged
  • Compliance and audit logs: retained for up to 7 years as required by applicable regulations
  • Device telemetry and crash reports: retained for up to 1 year for diagnostics
  • Stolen device reports: retained indefinitely while the report is active, deleted when cancelled
  • RF scanner sessions: retained until you delete them from the dashboard
  • GRS Vault files: retained while your account is active, encrypted at rest with AES-256-GCM

6. Data Export & Deletion

You may request an export of your data or account deletion from the dashboard (Account → Settings) or by contacting support. Upon account deletion:

  • Your account, linked devices, GX numbers, GX email addresses, and all associated data are permanently deleted
  • Active subscriptions are cancelled
  • Device registrations and linked identities are deactivated
  • Organization memberships are removed (organization data is retained for other members)
  • App Store submissions are unpublished
  • Deletion is processed within 30 days in compliance with GDPR, CCPA, and applicable law

7. Security

We use industry-standard measures to protect your data:

  • Passwords are hashed with bcrypt (never stored in plaintext)
  • GRSM passcodes are hashed with SHA-256 on the server (raw passcode stored only in your browser's localStorage)
  • All connections use TLS encryption in transit
  • GRS Vault files are encrypted at rest with AES-256-GCM
  • JWT authentication with httpOnly, secure, sameSite cookies
  • API endpoints enforce CSRF origin checking
  • Compliance logging tracks all security-relevant actions (login, permission changes, device registrations, data access)
  • GRS Mesh firmware supports optional ESP32 Secure Boot v2 with ECDSA-P256 and AES-256-XTS flash encryption for production deployments

8. Cookies & Local Storage

We use the following browser storage:

  • Authentication cookie: httpOnly JWT session token (required for the Service to function)
  • localStorage: theme preference, map settings, device fingerprint, GRSM device state, beacon preferences, sidebar state
  • sessionStorage: simulator session ID, transient UI state
  • IndexedDB: offline map tile cache

We do not use third-party tracking cookies or analytics cookies. We do not use advertising cookies.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will delete it.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. For EU/EEA users, we process data under the legitimate interest legal basis for operating the Service. You have the right to access, rectify, erase, restrict processing, and port your data under GDPR. Contact us to exercise these rights.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email, in-app notice, or dashboard notification. Continued use after changes constitutes acceptance.

12. Contact

For privacy requests, data export, account deletion, or questions about this policy, contact us at the support email listed on the site or use the support page.
