Privacy Policy

Last updated: 2026/03/12

1. Who we are and when this policy applies

ClearSky Imagery ApS (trading as ClearSKY and, in some contexts, ClearSKY Vision) is the controller of the personal data described in this policy, unless we expressly state otherwise. You can contact us at [email protected]. We are registered in Denmark.

This policy applies to clearsky.vision, our dashboard, account services, contact and support flows, marketing pages, and other ClearSKY-controlled services that link to this policy, unless a more specific privacy notice applies.

In some cases, we process personal data on behalf of a business customer in connection with our B2B services. In those cases, the customer may be the controller for that data and ClearSKY may act as a processor under the applicable customer agreement and Data Processing Addendum.

2. What we collect

  • Service telemetry and security data: technical events and logs such as page paths, request timestamps, referrer, IP-derived network/security information, device/browser information, error logs, and abuse-prevention signals, used to operate, secure, troubleshoot, and improve the service.
  • Marketing and landing-page measurement: on selected pages (for example /try-cloudless/*) we may record pseudonymous page views, CTA clicks, page path, campaign parameters passed in the URL, referrer, browser information, coarse location such as country, and similar measurement data. Where used, hashed or otherwise pseudonymized identifiers are used for fraud prevention, deduplication, and measurement.
  • Dashboard and account usage data: sign-ins, account events, feature usage, support interactions, and service-operation events needed to provide the dashboard, protect against abuse, maintain security, and understand feature adoption.
  • Contact data: information you submit when contacting us or signing up for communications, such as email address, name, organisation, message contents, and related correspondence metadata.
  • Customer account and commercial data: account identifiers, subscription plan, billing metadata, invoices, VAT or tax-related information, and transaction records needed to provide and administer the service.
  • Customer-submitted service data: information submitted through our services, which may include AOIs, geometries, tile selections, order settings, support attachments, and similar service inputs. Depending on context, this data may be processed by us as controller or, for certain B2B service processing, as processor on behalf of the customer.

3. Cookies & similar tech

We do not use non-essential cookies or localStorage for analytics or advertising on our marketing pages. Our landing-page measurement is cookieless. Our security features (including bot/spam protection) may set strictly necessary cookies, such as __cf_bm or cf_clearance, to keep the site reliable and secure. These do not require consent.

Google Ads on our landing pages runs in Consent Mode with cookies disabled by default; we send a minimal, cookieless conversion ping on CTA click. If you later provide consent, Google may use cookies in line with that consent.

The dashboard may use localStorage/session storage to remember non-personal preferences (e.g., “show this once”, map settings, or theme). These are not used to track you across sites and you can clear them via your browser at any time.

4. Why we process data and our legal bases

  • To provide, operate, and maintain our services, including account features, dashboard access, support, and requested functionality (legal basis: contract or steps taken at your request before entering into a contract).
  • To secure the service, prevent fraud and abuse, troubleshoot issues, monitor performance, and improve reliability and usability, using aggregated or pseudonymous data where possible (legal basis: legitimate interests).
  • To measure the effectiveness of our marketing and landing pages, including cookieless or pseudonymous conversion and campaign measurement where used (legal basis: legitimate interests, and consent where required by applicable law).
  • To communicate with you, respond to enquiries, send service-related messages, and send newsletters or marketing communications where you have opted in (legal basis: contract, legitimate interests, or consent, depending on context).
  • To manage billing, tax, accounting, recordkeeping, and legal compliance(legal basis: legal obligation and, where relevant, legitimate interests).

Where we rely on legitimate interests, our interests generally include operating a secure and reliable service, understanding how our services are used, preventing abuse, improving our products, and communicating effectively with users and customers.

5. When providing data is optional or necessary

You can browse most marketing pages without submitting contact or account data. If you choose to contact us, sign up for communications, create an account, request support, or use account-based service features, we may need certain personal data to provide the requested service or respond to your request. If you do not provide the required data, we may not be able to create or maintain the account, provide the requested feature, or respond effectively.

6. What we don’t do

  • No non-essential cookies on marketing pages; no cross-site tracking.
  • No selling or “sharing” personal information for behavioural advertising.
  • No user profiling or automated decisions that have legal or similarly significant effects.

7. When we act as processor for business customers

In connection with certain B2B services, we may process personal data on behalf of a business customer acting as controller. In those cases, our processing is governed primarily by the applicable customer agreement and Data Processing Addendum, and the customer is responsible for providing any privacy notice required for that processing.

This policy mainly describes personal data processing for which ClearSky Imagery ApS acts as controller.

8. International transfers

Some of our providers may process personal data outside Denmark or outside the EU/EEA. Where required, we use appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

If you would like more information about the safeguards used for relevant transfers, you may contact us at [email protected].

9. Recipients and service providers

We share personal data only where reasonably necessary to operate our business, provide the service, protect users, comply with law, or support our customers. Recipients may include:

  • infrastructure, hosting, CDN, security, and database providers;
  • email, communications, support, and CRM providers;
  • analytics, measurement, and advertising providers used on our marketing pages;
  • payment, invoicing, accounting, and tax-related providers;
  • professional advisers such as lawyers, auditors, and insurers where needed; and
  • authorities, regulators, courts, or law enforcement where required by law or reasonably necessary to protect our rights.

Today, these may include providers such as Cloudflare (infrastructure, security/CDN, server-side analytics and databases), Google (measurement and advertising-related services on selected landing pages), and Brevo (email and communications). We may update this list as our service evolves.

10. Data retention

  • Service logs, security telemetry, and abuse-prevention data: up to 90 days, unless a longer period is reasonably needed for investigation, incident handling, or legal claims.
  • Marketing landing-page measurement data: up to 12 months.
  • Contact and support correspondence: kept for as long as reasonably necessary to handle the enquiry, maintain the customer relationship, or defend legal claims.
  • Newsletter and marketing opt-in records: until you unsubscribe or withdraw consent, and then limited suppression information for up to 24 months to respect your preferences.
  • Customer account, subscription, and billing records: for the duration of the relationship and afterwards for applicable statutory, accounting, tax, audit, and claims-limitation periods.
  • Customer-submitted service data: retained according to the applicable service, subscription plan, contractual terms, technical retention settings, and documented storage rules for the relevant service.

After the applicable retention period, we delete, anonymise, or securely archive personal data in accordance with applicable law and our internal retention practices.

11. Your rights

Depending on applicable law, you may have the right to request access to your personal data, rectification, erasure, restriction of processing, portability, and to object to certain processing. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise your rights, contact us at [email protected]. We may need to verify your identity before responding.

You also have the right to complain to your local supervisory authority. In Denmark, the relevant authority is Datatilsynet.

12. Security

We implement appropriate technical and organisational measures designed to protect personal data, which may include encryption in transit and, where appropriate, at rest, access controls, logging, and backup and recovery measures. However, no online service is 100% secure.

13. Children

Our services are not directed to children under 16, and we do not knowingly collect their personal data.

14. Changes

We may update this policy from time to time. We will post changes here and update the “Last updated” date. For material changes, we may also provide additional notice.

15. Contact

Questions or requests? [email protected].