What stays local
- Source drone video and photo folders.
- Local GIS, telemetry, project, and export files unless deliberately shared.
- Desktop app repository work that does not require upload by default.
Security
Local-first drone media, protected account services.
Sightlock is designed so customer drone media stays in the folders and storage locations customers choose. The cloud services support account access, entitlement, billing, email, enquiry handling, website protection, and support.
What the account service stores
- Licence key, subscription state, trial state, and active-device allowance.
- Hashed machine identifiers and machine labels for binding and anti-abuse.
- Support enquiries, attribution, and transactional email delivery metadata.
Protection model
| Surface | Protection |
|---|---|
| Public pages | Open for buyers, search engines, and AI discovery. |
| Trial and enquiry forms | Cloudflare Turnstile, rate limiting, validation, and support routing. |
| Customer account | Supabase magic-link authentication and account-scoped licence data. |
| Owner/admin dashboard | Authenticated APIs plus owner allowlist. Admin URLs alone are not security. |
| Stripe/Resend webhooks | Signature verification before state changes. |
| Installer download | Account entitlement check plus release manifest and signed-build proof before public stable release. |
Report a vulnerability
Email [email protected] with a concise description, affected URL or app version, reproduction steps, and impact. Do not include customer drone media unless explicitly requested.
Responsible disclosure
Please do not access, modify, delete, or exfiltrate data that is not yours. Give Sightlock a reasonable chance to investigate and fix reported issues before public disclosure.