← Back to FlyoverLegal

Version 2026-04-v1 · Last updated: 2026-04-20

Privacy Policy

This Policy explains what information we collect when you use Broll, why we collect it, who we share it with, and the rights you have over your data.

1. What we collect

Account information

When you sign up, we collect your email address and name. We authenticate with a magic-link email flow, so we do not store a password.

Payment information

Payment details (card number, expiry, CVC) are collected and tokenized directly by our payment processor, Stripe. We never see or store your card number. We do store a Stripe customer identifier, subscription status, invoice history, and the last four digits of the card for reference.

Usage and download data

We log clip previews and downloads (which clip, when, from which tier), along with IP address and user-agent, for fraud prevention, license enforcement, and debugging.

Product analytics

We use PostHog to understand how people use the Service. User IDs are hashed and we aggregate events wherever we can. We do not upload personally identifying fields (name, email) into analytics event properties.

2. How we use your information

  • Operate and maintain the Service (show the library, deliver downloads).
  • Process billing, renewals, and metered overage invoices.
  • Enforce the Broll Clip License and these Terms.
  • Measure product usage and improve features.
  • Detect abuse, fraud, and security incidents.
  • Respond to customer support inquiries.
  • Send transactional email (invoices, login links, service notices).

We do not sell your personal information, and we do not share it with advertisers for retargeting today.

3. Third-party processors

We rely on the following sub-processors. Each has its own privacy practices, linked below.

  • Supabase — authentication and database. US-hosted. Privacy
  • Stripe — payments processor, PCI DSS Level 1 certified. Privacy
  • Cloudflare — R2 object storage for source files and Stream for video delivery. Privacy
  • PostHog — product analytics. US-hosted by default; EU-cloud available as an option. Privacy
  • Resend — transactional email delivery (login links, invoices, notifications). Privacy

4. Cookies and similar technologies

  • Essential cookies — authentication session and CSRF protection. These are required for you to stay logged in and cannot be disabled without losing access to the Service.
  • Analytics cookies — PostHog may set a cookie to deduplicate users across sessions. These are not used for advertising.
  • Advertising cookies — we do not use advertising or retargeting cookies today.

5. Data retention

  • Account data: retained while your subscription is active and for 2 years after closure for tax and compliance records.
  • Download logs: retained for 3 years for license enforcement and fraud prevention.
  • Invoices and payment records: retained per applicable tax and accounting law.
  • Deleted upon account closure unless we are required by law to keep longer.

6. Your rights

You may request to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your data (subject to legal retention requirements).
  • Export your data in a portable format.

Send requests to flyover@aerialshots.media. We respond within 30 days.

California residents have additional rights under the CCPA, including the right to opt out of the sale of personal information (we do not sell your information) and the right to non-discrimination for exercising these rights.

7. Children

Broll is a business tool for real-estate professionals and is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

8. Security

We use TLS (HTTPS) in transit and AES-256 encryption at rest via Supabase and Cloudflare R2. We restrict administrative access to personnel who need it, rotate credentials regularly, and monitor for anomalous activity. No system is perfect — if we discover a security incident that affects you, we will notify you without undue delay, consistent with applicable law.

9. International data transfers

Broll is focused on the Florida market and our primary infrastructure is hosted in the United States. If a processor transfers personal data internationally, they do so under appropriate safeguards such as Standard Contractual Clauses. We do not actively market the Service in the European Union.

10. Changes to this Policy

We may update this Policy from time to time. For material changes, we will notify you by email at least 14 days in advance and post the updated version here with a new version number.

11. Contact

Questions or requests? Email flyover@aerialshots.media. See also our Terms of Service and License.