GDX Development
Contact

Privacy Policy

Privacy Policy – Vector

Last updated: February 20, 2026

This Privacy Policy describes how Gates Defense Systems LLC, DBA GDX Development (“GDX,” “we,” “us,” or “our“) collects, uses, and protects information when you use the Vector mobile application (the “App“).

Vector is a restricted-access navigation and situational awareness tool designed for hiking, hunting, and professional operations. Access to the App is limited to provisioned accounts established under a contract between GDX and an organizational customer.

By using Vector, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect information necessary to provide the App’s functionality, secure access, and support our contracted customers.

Location Information

  • Precise device location (GPS and similar technologies) while the App is in use and, where enabled by your organization, in the background.
  • Historical routes, tracks, and location history associated with your account.

Account and Identifiers

  • Account username, password (stored in encrypted form), and other internal account identifiers.
  • Organization or group identifiers that link your account to your customer’s environment.

In-App Communications

  • Text chat content and associated metadata (sender, recipients, timestamps).
  • Push-to-talk (PTT) audio content where recorded or logged by your organization’s configuration.

Media and User-Generated Content

  • Photos and videos you upload or capture within the App.
  • Any annotations, labels, or mission-related content you attach to locations or media.

Contacts and Operational Directory Information

  • Operational contacts and team lists provisioned by your organization or created within the App (for example, display name, role, and association to units or channels).
  • We do not access the personal contacts stored in your device’s native address book.

App Info and Performance

  • Diagnostic and performance information such as crash logs, error reports, and technical metrics (e.g., latency, resource usage) to help maintain and improve reliability.

Device and Technical Information

  • Basic device and application information (such as device model, operating system version, app version, and a device or app-specific identifier) used to secure access, route data, and support the mapping services we use.

2. How We Use Information

We use the information described above solely for the following purposes:

Provide Core Functionality

To deliver navigation, mapping, situational awareness, route tracking, in-app chat, PTT, and media features; to associate your activity with your account and organization.

Account Setup and Access Control

To create and manage user accounts, authenticate users, enforce organization-level access controls, and maintain secure communications environments.

Operational Collaboration

To display team locations, routes, messages, and shared media to authorized users within the same organization or mission space, in accordance with customer configuration.

Security, Fraud Prevention, and Compliance

To protect the App and backend infrastructure, investigate potential misuse, and support customer security and audit requirements.

Reliability and Performance

To monitor and improve application stability and performance using diagnostics and crash information, without building marketing or advertising profiles.

We do not use your information for advertising, retargeting, or sale to third parties.

3. Legal Bases and Customer Control

Vector is deployed for organizational customers under a separate contract. In most cases, GDX processes data as a service provider or processor acting on behalf of that customer, which is responsible for defining the lawful basis and retention periods that apply to its users.

Where applicable law requires, our legal bases for processing may include performance of a contract (providing the App), our legitimate interests in securing and maintaining the service, and compliance with legal obligations.

4. How We Share Information

We do not sell or rent your information and do not share your data with third parties for their independent marketing or advertising purposes.

We may share information in the following limited circumstances:

With Your Organization and Its Authorized Users

Operational data such as locations, routes, chat, PTT, and media is shared with other users and administrators within your organization as configured by your organization.

Service Providers and Infrastructure Partners

We use trusted third-party providers to host and operate the App and related services. These providers may process data on our behalf only to deliver services to us and are bound by contractual confidentiality and security obligations.

We do not share your information with third parties for their independent purposes, marketing, advertising, or profiling.

Map and Location Service Provider (Mapbox)

Vector uses Mapbox to deliver maps and related capabilities. Depending on your organization’s configuration, Vector may connect to:

  • Mapbox public cloud services: In standard deployments, Mapbox may receive certain technical and usage data (such as IP address, device or app identifiers, and limited interaction data) as described in Mapbox’s privacy documentation, for the purposes of operating and improving its mapping platform. This data is not used by Mapbox to deliver ads within Vector.
  • Private enterprise Mapbox servers: Organizations that prefer not to share information with Mapbox’s public cloud may deploy Vector with a private, self-hosted Mapbox server. In these configurations, map data and usage information remains entirely within your organization’s infrastructure and is not transmitted to Mapbox or any third party.

Your organization controls which mapping configuration is used for your deployment.

Legal and Safety Requirements

We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations, respond to lawful requests, protect the rights or safety of users, your organization, GDX, or others, or detect and prevent fraud or security issues.

5. Data Retention

Retention is primarily determined by our contractual agreements with each customer.

  • Location history, routes, operational logs, messages, and media are retained for as long as your organization’s contract and configuration specify, and then deleted or anonymized in accordance with that organization’s instructions.
  • Account information is retained while your account remains active and for a reasonable period thereafter (for example, to support logs and audits), unless your organization instructs us to delete it sooner.
  • Diagnostic and performance data is retained only as long as necessary to ensure the stability and security of the App.

Where permitted, we may retain certain limited information if necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

6. Data Security

We take appropriate technical and organizational measures to protect your information.

  • Data is encrypted in transit and at rest using industry-standard encryption technologies.
  • Access to systems that store or process data is restricted to authorized personnel with a business need.

No system can be guaranteed to be 100% secure. However, we work continuously to protect Vector and the data we process.

7. International Transfers

Vector may be deployed on infrastructure selected by your organization. Where data is processed or accessed from outside the country where it was collected, we rely on appropriate safeguards as required by applicable law and our contracts with customers to protect your information.

8. Your Rights and Choices

Depending on your role and the configuration chosen by your organization, you may have the following options:

Access and Correction

You may view and update certain account information through the App or through your organization’s administrators.

Data Export

Users and organizational administrators can request exports of account data and operational data associated with their environment.

Account and Data Deletion

Users can request deletion of their account and associated data by contacting us or their organization’s administrator. We will process deletion requests in coordination with your organization and in line with our contractual and legal obligations.

To exercise these options, contact your organizational administrator or email us at info@gdxdevelopment.com. We may need to verify your identity and confirm your relationship with a customer before processing a request.

9. Children’s Privacy

Vector is intended for use by adults in commercial and government contexts. We do not knowingly collect personal information directly from children under the age of 13. If you believe we have collected such information in error, please contact us at info@gdxdevelopment.com so we can take appropriate action.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top. Material changes will be communicated through the App or through your organization where appropriate.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Gates Defense Systems LLC, DBA GDX Development

Email: info@gdxdevelopment.com