Last updated: 2026-05-05 · Operator: Muninn (sole proprietor, Maine, USA) · Contact: [email protected]

The short version

No advertising, no analytics, no tracking pixels. Muninn does not run Google Analytics, Meta Pixel, Hotjar, or any third-party behavioral tracker. The only cookie we set is the one that keeps you logged in.
We never sell your data and we never share it for advertising. The only third parties that touch your data are the infrastructure providers listed below — payments, email, storage, and GPU compute — and only what they need to do their job.
Photos you upload for 3D processing auto-delete in 14–30 days. Input photo zips: 14 days. 3D model and orthophoto outputs: 30 days. After that they are gone from our storage and can’t be recovered. Download what you want to keep.
Your photos run through a third-party GPU pod (RunPod) during processing. When you start a 3D job, your photo zip is downloaded into a temporary RunPod container, processed by OpenDroneMap, and the outputs are pushed back. The pod is destroyed after the job completes. RunPod has access to the bytes during that window.
Your missions, parcels, and account live as long as you do. Saved missions, named parcels, and account settings stay in our database until you delete them or delete your account. We do not data-mine them or use them to train anything.
Email is for service messages by default. You get account confirmation, job-complete notifications, and billing emails. Marketing emails are off by default and you can flip them on or off in Settings.
You can delete your account by emailing us. A self-serve delete button is on the roadmap. Until then, mail [email protected] from the address on file and we will purge your account and cascade-delete everything tied to it.

1. What we collect

Account data

Email address — required to register; used to log in, send service emails, and find your account when you contact support.
Password — stored only as a bcrypt hash. We can’t see or recover your plaintext password.
Account preferences — display units (imperial/metric), default drone, and per-category email opt-ins (job complete, usage warning, marketing).
Plan + credit balance — which subscription tier you are on, how many subscription credits and pack credits you currently hold, and a ledger of every credit movement (purchase, debit on job, refund).

Mission data you create

Saved missions — the polygons, polylines, and waypoint lists you draw on the map, plus their per-mission camera and capture settings. Stored as JSON tied to your account.
Named property parcels — polygons you save as reusable property outlines.

3D job data

Drone photos you upload — you upload a zip of photos for each 3D processing job. The zip is stored in our object storage bucket (Wasabi, US-East-1) under a per-job key.
3D job records — status, photo count, processing options, error messages if it fails, which worker claimed the job, and pointers to the input/output object keys.
3D outputs — the generated .glb 3D model and the .tif orthophoto, also stored in Wasabi until they expire.

Billing data

Stripe customer ID + subscription ID — we store these references so we can match Stripe webhook events back to your account.
We do not store your payment card. Card numbers, CVCs, and bank details are handled entirely by Stripe and never reach our server.

Waitlist data (closed-beta only)

If registrations are closed and you join the waitlist, we store your email, optionally your drone model, and a free-text note you provide.

Logs and operational data

Server request logs — standard web-server logs (timestamp, method, path, status, IP address, user agent). Used for debugging and abuse prevention. Rotated by our hosting provider (Railway) on the standard retention.
Caches we keep on the server — rounded elevation lookups (so we don’t hammer the upstream DEM API), bbox-keyed FAA airspace responses, and short-TTL weather + ADS-B responses. None of these are tied to your account.

2. What we do not collect

No third-party advertising or analytics scripts. Open the page source and the network tab — the only outbound calls in your browser are to map tile providers (Esri / OpenStreetMap), font CDNs (Google Fonts, unpkg, jsdelivr, cloudflare), and our own API.
No social-media tracking pixels (no Meta Pixel, no TikTok pixel, no LinkedIn Insight, no Twitter/X tag).
No session-replay or heatmap tools (no Hotjar, FullStory, LogRocket, or similar).
No fingerprinting libraries.
No data brokers, ever.

3. Cookies

Muninn uses exactly one cookie: a signed session cookie that holds your logged-in user ID. It is set on login, cleared on logout, and never read by any third party. We do not need a cookie banner because we do not run any non-essential cookies.

4. Where your data is stored, and who else touches it

Muninn is a small operation that leans on infrastructure providers instead of running everything ourselves. Each one has its own privacy policy you can read. We send each provider only what it needs to do its job.

Provider	What they handle	What they see
Railway	App hosting and Postgres database	Everything in the database (account, missions, parcels, job rows, credit ledger, waitlist) plus request logs
Wasabi	Object storage (US-East-1) for uploaded photo zips and generated 3D outputs	The raw photo zip and the resulting `.glb` + orthophoto, until lifecycle expiry
RunPod	Ephemeral GPU pods that run OpenDroneMap on your photos	The contents of the photo zip during a single job; the pod is destroyed afterward
Stripe	Subscriptions, credit-pack purchases, payment processing	Your email, billing address, and payment method — sent directly from your browser to Stripe’s hosted Checkout
MailerSend	Transactional email delivery (confirmation, welcome, job complete, billing)	Your email address and the body of the message we send you
Open-Meteo	Worldwide elevation DEM and current weather (proxied through our server)	Latitude/longitude coordinates only — no account info
FAA ArcGIS	Airspace data (proxied through our server)	The bounding box of the area you are looking at — no account info
airplanes.live	Live ADS-B aircraft positions (proxied through our server)	Latitude/longitude only — no account info
Esri / OpenStreetMap	Map tiles (loaded directly by your browser)	Your IP address and the tiles you request, governed by their own terms
Google Fonts, unpkg, jsdelivr, cloudflare CDN	Static assets (fonts and JS libraries)	Your IP address and the asset URL, when your browser fetches the file

Muninn does not use any of these providers’ analytics, advertising, or audience-building features. They are used purely for the technical service they provide.

5. How long we keep things

Data	Retention
Uploaded photo zips	14 days from upload, then auto-deleted by the Wasabi bucket lifecycle policy
Generated 3D models + orthophotos	30 days from creation, then auto-deleted by the bucket lifecycle policy
Saved missions, named parcels, account settings	Until you delete them, or until you delete your account
Job records (status, photo count, error messages)	Kept after the files expire so you can see your history; deleted when you delete your account
Credit ledger entries	Kept for as long as your account exists, for accounting and dispute support
Stripe billing records	Retained by Stripe per their policy and applicable tax/financial-records law (typically 7 years)
Server request logs	Whatever the standard Railway log retention is at the time (rolling, short window)

You can also explicitly delete a saved mission, a parcel, or a 3D job at any time from your dashboard.

6. How we use the data

To run the service — authenticate you, render your missions, queue and process 3D jobs, charge subscriptions, send the result emails you opted into.
To prevent abuse — rate-limit upstream API calls, detect concurrent double-spend on credits, identify unusual job patterns.
To improve the product — if a job fails, the error message and the photo count help us debug. We never look at the contents of your saved missions or the imagery in your photos for any purpose other than the specific 3D job you submitted.

We do not use your photos, missions, or any other content to train AI models, sell to third parties, or build advertising profiles.

7. Email

Muninn sends a small set of transactional emails: an account-confirmation link when you register, a welcome note, a "job complete" message for each 3D job (if you have that toggle on), and billing receipts via Stripe. The marketing-email toggle is off by default; you have to explicitly opt in. You can change all email preferences in Settings. Account confirmation and billing emails are required for the service to work and can’t be turned off without closing the account.

8. Your rights

Depending on where you live (the EU/UK GDPR, California’s CCPA, and similar laws elsewhere), you may have the right to:

Access the personal data we hold about you,
Correct anything that is inaccurate,
Delete your account and the data tied to it,
Export a copy of your data in a machine-readable format,
Object to a particular use of your data, or withdraw a consent you previously gave.

To exercise any of these, email [email protected] from the address on file. We respond personally, usually within a couple of days. We do not charge for these requests and we will not retaliate by degrading your account.

9. Account deletion

Account deletion is not yet self-serve. To delete your account today, email [email protected] from the address on file. We will:

Cancel any active Stripe subscription so you are not billed again,
Delete your users row, which cascade-deletes your missions, parcels, jobs, credits, ledger entries, API keys, and waitlist row,
Delete any photo zips and 3D outputs still in Wasabi that belong to you (anything past lifecycle expiry is already gone),
Confirm the deletion by reply.

Stripe billing history (invoices, charges, refunds) is retained by Stripe per their own policy and applicable tax law — we can’t purge those even at your request.

10. Children

Muninn is not directed at children under 13 (or under 16 in jurisdictions that set a higher age of digital consent). We don’t knowingly collect personal data from children. If you believe a child has registered, email us and we will delete the account.

11. International transfers

Muninn is operated from the United States, and the providers above are primarily US-hosted. If you use the service from outside the US, you understand and consent that your data will be transferred to and processed in the US. We have no facilities outside the US and we do not deliberately transfer your data anywhere else.

12. Security

We follow standard practice: passwords are bcrypt-hashed; secrets are kept in environment variables, never in source control; HTTPS is enforced; the session cookie is HTTP-only and signed; database access is scoped to the application and locked to the application’s private network. No system is perfectly secure — if we ever suffer a breach affecting your account, we will notify you by email without undue delay.

13. Changes to this policy

If we change anything material about how we handle your data, we will update this page, change the "Last updated" date at the top, and email registered users before the change takes effect. Minor wording fixes won’t trigger an email.

14. Questions or complaints

Mail [email protected]. A real person reads it. EU/UK users also have the right to complain to their local data protection authority if they believe we’ve mishandled their data, but we’d much rather you tell us first so we can make it right.

One person, one promise: Muninn is a small, owner-operated tool. The simpler we keep the data we hold, the easier it is to keep our promises about it. If anything on this page surprises you or feels off, that is a bug — tell us and we will fix it.

Privacy Policy