Privacy & Cookie Policy
This policy explains how duilio.cc handles website, early access, DUILIO FPV account, Garage, device and remote-control service data. Duilink has a separate privacy policy.
(c) 2026 Duilio(TM) - All rights reserved - Fabio GiuliodoriScope
This policy applies to duilio.cc, DUILIO FPV, the FPV account area, Garage, downloads, early access forms and related backend APIs. The Duilink service is governed by its own dedicated privacy policy.
Data we collect
We process only the data needed to operate the website, reply to requests and provide DUILIO FPV account, Garage, device and remote-control features.
- Contact and early access data: name, email, role, requested quantity and message.
- FPV account data: email, password hash, role, account status, email verification status, login and activity timestamps, privacy acceptance version.
- Email verification and password reset data: hashed codes/tokens, expiry times, attempts and usage timestamps.
- FPV Garage and device data: device id, optional label, vehicle type, ownership, enabled/disabled status, public endpoint IP detected by the server, WireGuard port, heartbeat timestamp and agent version.
- Sharing data: owner account, invited pilot account/email, access status, expiry where configured, client status and revoke state.
- WireGuard support data: public keys, tunnel/client identifiers, encrypted client configuration files when required for authorized download and sync.
- Technical tokens: access tokens, device tokens and control-session tokens stored as hashes where possible, with creation, expiry and last-use timestamps.
- Security and diagnostic data: IP address, user agent, request timestamps, rate-limit events and technical error logs.
- No analytics, advertising, or tracking scripts.
- No profiling or tracking cookies.
Why we process this data
- To create and protect FPV accounts.
- To verify email addresses and support password recovery.
- To show Garage devices and authorized shared machines.
- To provide endpoint lookup, heartbeat, WireGuard profile delivery and remote-control session coordination.
- To manage owner/pilot sharing, revocation and access status.
- To provide installer downloads and version information from the personal area.
- To maintain security, prevent abuse, diagnose errors and keep the service reliable.
Legal bases
We process FPV account, Garage and device data to provide the service requested by the user. Security logs, rate limits and abuse prevention are processed under legitimate interest in protecting the service. Where acceptance is required, we record privacy acceptance for compliance and accountability.
Hosting and technical logs
The website and backend are hosted by OVH. Like any web host, OVH may process technical data in server logs, such as IP address, user agent and request timestamps, for security, abuse prevention and service reliability. We do not use these logs for advertising tracking or profiling.
Cookies
We do not use tracking or profiling cookies. FPV account pages use strictly necessary technical cookies for login sessions, CSRF protection and security. Hosting infrastructure may also use technical cookies or equivalent mechanisms for reliability and protection.
WireGuard and remote-control data
DUILIO FPV needs technical data to connect authorized pilots to authorized machines. This may include public endpoints, WireGuard ports, public keys, device tokens, encrypted client profiles and heartbeat status. These data are used only to operate the FPV service, Garage, sharing and diagnostics.
Sharing and authorized pilots
When a device owner shares a machine, the backend records the owner, the invited/authorized pilot account, the device id, access status and optional expiry. This lets the pilot see and use only the machines they are authorized to access.
Retention
Account, Garage and device data are kept while the account or FPV service relationship is active, unless deletion is requested or retention is required for security, legal or operational reasons. Short-lived verification, reset and session tokens expire according to their purpose. Technical logs are kept only as long as needed for security, diagnostics and abuse prevention.
Data deletion
You can request account or data deletion by contacting us. Some technical records may be retained for a limited time where necessary for security, abuse prevention, backups, legal obligations or resolving disputes.
External services
We link to external services that have their own privacy practices:
- GitHub: project repositories and documentation are hosted on GitHub.
- YouTube (privacy-enhanced mode): videos are embedded via youtube-nocookie.com. YouTube may process data when you interact with the embedded player.
- Email providers and hosting infrastructure may process technical data needed to deliver account verification, password reset and service emails.
Contact
If you contact us via the mailto link or form, we will receive your email address and message to respond. We use that information only to handle your request and do not add you to marketing lists.
Your GDPR rights
Under the GDPR, you can request access, correction, deletion, restriction, portability where applicable, and objection to processing where applicable. You can also request deletion of your FPV account data, subject to security, backup, legal and operational limits.
Service terms
DUILIO FPV use is also governed by the DUILIO FPV Terms, including safety rules, user responsibilities and operational limitations.
Updates
This policy may be updated as the service evolves. Version: duilio-fpv-privacy-v3-2026-06-02.