Hidden Level Inc. (“Hidden Level,” “we,” “us,” or “our”) provides airspace monitoring drone detection services to our customers. This Hidden Level Privacy Policy (“Policy”) describes how Hidden Level collects, uses, discloses and otherwise processes the personal data described in this Policy, as well as the rights and choices individuals have regarding such personal data.
Except as otherwise noted below, this Policy applies to the personal data that Hidden Level processes as a controller or business related to:
- users of our websites where this Policy is posted, including https://hiddenlevel.com, our mobile application, our SaaS platform, and the services we provide through these (collectively, the “Services”).
- individuals who register for or participate in our webinars and other events;
- individuals who are subscribed to receive news, information and marketing communications from us; and
- individuals that communicate with us or otherwise engage with us related to our Services.
As further described below, we collect personal data directly from individuals, from third parties, and automatically when such data relates to the use of our Services or other interactions with us.
Personal Data Collected Directly. The personal data we collect from you depends upon how you use our Services or otherwise interact or engage with us, but generally includes:
- Registration and profile information. To create your user account, we will collect your email address, your subscription account’s registration code, and the username and password you create for your account. You may also provide us with your contact information, such as your address and phone number.
- Payments and purchases. When you make a purchase or payment through the Services, we collect purchase and payment information in order to process your payment, such as your credit card number and applicable shipping and billing address. We also maintain records about your past purchases.
- Communications and interactions. When you email, call, or otherwise communicate with us and with members of our team, we collect and maintain a record of your contact details, communications and our responses. We also maintain records of communications and information that you post in chat sessions, forums and in other areas of the Services, well as on our social media channels, and information you provide to us related to any customer support requests.
- Events and other requests. We also collect personal data related to your participation in our events as well as other requests that you submit to us related to our Services. For example, if you register for or attend an event that we host or sponsor, we may collect information related to your registration for and participation in such event. When you fill out a ‘Contact Us’ form, signup for our mailing lists, or otherwise request information from us, we collect and maintain records of your requests.
Personal Data from Third Parties. We may collect personal information about you from third party sources, such as public databases, joint marketing partners, social media platforms or other third parties.
- If you post information about us or engage with us on third party platforms or choose to log in to our Services with a third-party account (e.g., Google), we may collect personal information about you from that third party platform or account. These third-party platforms and services control the information they collect and share about you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies.
- We may receive personal data about you from your employer or other organization that subscribes to our Services. For example, your employer may provide us with your name and contact information in order to provision you with access to the Services.
Personal Data Collected Automatically. We automatically collect personal data related to your use of our Services and interactions with us and others, including information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services. Such information includes:
- Device and browsing information. We use cookies, log files, pixel tags and other tracking technologies to automatically collect information when users access or use our Services, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information. For more information, see Section 6. Cookies, Targeting and Analytics, below.
- Activities and usage. We also may collect activity information related to your use of the Services, such as information about the links clicked, searches, features used, items viewed, time spent within the Services, crashes or service incidents, anonymized data analytics including locations monitored, time spent logged in, and interactions with others within the Services.
- Location information. We may collect or derive location information about you, such as through your IP address. Further, with your permission, we may collect geolocation information from your device. You may turn off location data sharing through your device settings.
Generally, we collect, use, disclose and otherwise process the personal data we collect for the following purposes:
- Services and support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you about the Services, and for similar service and support purposes.
- Analytics and improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop services and features and new products, and for internal quality control and training purposes.
- Customization and personalization. To tailor content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
- Marketing and advertising. For marketing and advertising purposes. For example, to send you information about our Services, such as offers, promotions, newsletters and other marketing content, as well as any other information that you sign up to receive. We also may use certain information we collect to manage and improve our advertising campaigns so that we can better reach people with relevant content.
- Planning and managing events. For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
- Research and surveys. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
- Security and protection of rights. To protect the Services and our business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use or other agreements we have entered into with you or your employer/organization.
- Compliance and legal process. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.
- General business and operational support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
We may disclose the personal data that we collect for the purposes described above, in order to provide our Services to you, to respond to and fulfil your orders and requests, as otherwise directed or consented to by you, and as follows:
- Vendors and service providers. We may disclose personal data we collect to our service providers, processors and others who perform functions on our behalf. These may include, for example, IT service providers, help desk, payment processors, analytics providers, consultants, auditors and legal counsel.
- Our affiliates. We may disclose personal data we collect to our affiliates or subsidiaries, who will use and disclose this personal information in accordance with the principles of this Policy.
- Our business clients. Any client data that we collect and process on behalf of a business client will be disclosed to the business client and otherwise shared as directed by that business client. This may include information about how the client’s employees or other users activities within the Services.
- Third party platforms, providers and networks. We may disclose or make available personal information to third party platforms and providers that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests. We may also make certain information that includes personal data available to third parties in support of our marketing, analytics, advertising and campaign management (see Section 6. Cookies, Targeting and Analytics for more information).
- In support of business transfers. If we or our affiliates are or may be acquired by, merged with, invested in, or receive financing from another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected about you to the other company. We may also share certain personal data as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
- Compliance and legal obligations. We may also disclose personal data to third parties to comply with our legal and compliance obligations and to respond to legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. This may include regulators, government entities, and law enforcement as required by law or legal process. In addition, it may include certain disclosures that we are required to make under applicable laws.
- Security and protection of rights. We may disclose personal data where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property and safety of others. For example, we may disclose personal information in order to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety or legal rights of any person or third party, or (iii) enforce, and detect, investigate and take action in response to violations of, our Terms of Use or other agreements we have entered into with you or your employer/organization. We may also disclose information, including personal data, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
We may also use and disclose aggregate, deidentified, and other non-identifiable data related to our business and the Services for quality control, analytics, research, development and other purposes. Where we use, disclose or process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) we will maintain and use the information in deidentified form and not to attempt to reidentify the information, except in order to determine whether our deidentification processes are reasonable and adequate pursuant to applicable privacy laws.
We and our third-party service providers use cookies, pixels, local storage objects, log files, APIs, and other mechanisms to automatically collect information including browsing activity, device and similar information within our Services and to target advertising and content on third party sites and services. We use this information to, for example, analyze and understand how users access, use and interact with our Services, as well to identify and resolve bugs and errors in our Services and to assess secure, protect, optimize and improve the performance of our Services. You have certain choices about our use of cookies and tracking within the Services, as described in this section. For more information on the types of personal data we collect via cookies and similar mechanisms, please see Section 2. Personal Data Collected.
Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within Service.
Pixel tags. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, help us manage content and compile usage statistics. We may also use these in HTML emails we send, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Local storage objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web servers to cache certain information in order enable faster loading of pages and content when you return to our websites. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.
Third-Party Analytics and Tools. We use third party tools, such as Google Analytics, which are operated by third party companies. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our Services in order to provide us with reports and metrics that help us to evaluate usage of our Services and improve performance and user experiences. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Managing Your Preferences. We make available several ways for you to manage your preferences regarding targeted advertising, matching and cookies within our Services. Many of these are browser and device specific, which means that you need to set the preference for each browser and device you use to access our Services; in addition, if you delete or block cookies, you may need to reapply these preferences. Further, opting out of cookies and advertising as discussed below does not mean that you will no longer receive advertising content from us. You may continue to receive generic or “contextual” ads from us. Please note that opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or ‘contextual’ ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
- Browser settings. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Services who disable cookies will be able to browse the Site, but some features may not function.
We make available a number of ways that you can manage your privacy choices and submit privacy requests related to your personal data. These include:
- You can review and update much of the personal information we maintain from you, by logging into your HL Display account and updating your profile information. Users logging into developer.hiddenlevel.com accounts cannot make these updates.
- Marketing and other communications. You can opt out of receiving marketing emails from us by using the unsubscribe link in the footer of each marketing email we send to you. To stop text message notifications of drone activity, a user must log into the app and turn off SMS messaging.
- Deleting your mobile app account. You may close your account at any time. When you close your account, we will, except as described herein, delete or deidentify your information from our databases. Please understand that, given the nature of the Services, if you choose to close your account, we will not delete or deidentify (i) information that we are required to or otherwise allowed to retain under applicable law or (ii) information subject to legal or contractual retention requirements (including our contracts with our corporate clients) or (iii) information retained per Section 10. Retention or (iv) information retained for security or anti-fraud or to protect third party rights/systems. IOS account users may close your personal account at any time by logging into your account and selecting “Delete Account”. To initiate account deletion, users may email support@hiddenlevel.com with subject line: Delete Account Request and Hidden Level will delete the account and de-identify any associated information from the database within a reasonable amount of time.
Our Services are not designed for children and we do not knowingly collect personal data from children under 13. If we discover that a child under 13 has provided us with personal data in violation of applicable law, we will delete such information from our systems. If you’re a parent and you believe we have collected your child’s information in violation of applicable law, please contact us as set forth below, in Section 12.
We have implemented safeguards that are intended to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security. There are also certain steps you can take to better protect against unauthorized access to your personal data. For example, you should choose a strong password for your that is unique to the Services; you should not reuse passwords across multiple sites and services or share your password with others.
We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain your personal data and account data for as long as you have an active account with us, for as long as necessary to comply with our tax, accounting and recordkeeping obligations, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with legal obligations.
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any updates to Policy on our website. If we make material changes to how we collect, use and disclose the personal data we have previously collected about you, we will endeavor to provide you prior notice, such as by emailing you or posting prominent notice through on our website or within the Services.
If you have questions about this Policy or our privacy practices, you may contact us at support@hiddenlevel.com.
Our technology is designed, developed, and manufactured in the US.
Our system does not use demodulation. We assess the physical characteristics of the RF signal (protocol layer) to determine the type of craft (i.e. drone) and other location attributes like latitude, longitude, altitude, elevation, speed, etc.
Commercial data is hosted on Amazon Web Services. Access to these servers is controlled with a least-privilege paradigm, such as IP-address restrictions and multi-factor authentication via FIPS 186.5 compliant public/private key exchange. The AMS API is secured using TLS 1.3 which provides secure communication of data using exceptional cryptographic algorithms, advanced ciphers, and has functions to ensure data integrity while mitigating the risk of tampering. API access and authentication are controlled via user-specific API tokens.
Access to sensors is protected using encrypted tunnels and FIPS 186.5 compliant Digital Signature Key public/private cryptographic key exchange. Additional protection provided by site-local firewalls and network intrusion defenses that enforce strict IP-based access rules.
Hidden Level provides multiple user interface options. Hidden Level can provide our internally developed display which consists of a modern web-based interface accessible from the internet as well as a mobile application version supported on iOS and Android devices. Alternatively, you can integrate into a GIS system of your choice via a secure API connection.
Integrate using our open API, secured by FIPS 140-2 compliant cryptography or use our turnkey web interface.
The FCC (Federal Communications Commission) regulates the transmission of radio frequency signals to prevent interference with other communication systems, such as cellular networks, Wi-Fi, radio, and emergency services. Since our system relies on passive RF sensing, it does not actively transmit RF signals, only receives and analyzes ambient signals. This does not impact the licensed or unlicensed frequency bands managed by the FCC, making it exempt from the strict transmission regulations that apply to active RF devices like radars or Wi-Fi routers.