Security at DroneDeploy

The most secure reality capture platform available

At DroneDeploy, safeguarding customer data is our top priority. We’ve built multiple layers of protection into all aspects of our platform.

Security at DroneDeploy

End-to-end security with DroneDeploy

At DroneDeploy, we’ve got your data security needs covered.

Whether you’re using our DroneDeploy Aerial or DroneDeploy Ground applications, your information is encrypted in transit (TLS 1.2+) and at rest (AES 256), and continuously monitored for performance, reliability and security.

We also utilize the defense-in-depth security measures described below to ensure your data’s safety.

Industry-leading compliance certifications and regulations

DroneDeploy adheres to key industry standards, privacy regulations and certifications.
SOC 2 Type 1
SOC 2 Type 2
ISO 27001
PCI/DSS
Privacy Shield
GDPR

Robust identity and user management

No matter how big your business is or where it’s located, having robust user access controls is crucial. DroneDeploy offers a range of tools to make sure your data is only accessible by the right people, at the right time.
1 / 4

Single sign-on (SSO)

To improve security and simplify the user experience we offer Google SSO and two-factor authentication (2FA) for all accounts. There’s also the option for multiple 2FA mechanisms including access codes or security keys.
2 / 4

Enterprise SSO

Authenticate against multiple provider types including Active Directory Federation Services, Google Apps, Microsoft Office 365, PingFederate and Azure Active Directory. DroneDeploy also provides integration via SAML 2.0 compliant identity providers.
3 / 4

Roles and permissions

DroneDeploy offers enterprises four different types of user roles: admin, editor, viewer and coordinator. These roles determine whether data can be accessed, deleted, moved or modified. Controls are also available at folder or project levels.
4 / 4

Activity audit trails

Enterprise administrators can export audit activity logs from DroneDeploy, listing details of all primary interactions that have occurred within their organization’s account. They can also view any data that has been shared outside of their organization.

Data infrastructure security – from capture to storage

Your data is protected throughout its lifecycle. Data is hosted in AWS and Google Cloud with robust physical security measures and access restrictions. All customer data is stored in US data centers, unless explicitly agreed upon in the customer contract.

DroneDeploy also offers the option to store and process data exclusively within secure data centers located in South Korea, the United Kingdom and Australia. Talk to your DroneDeploy sales representative to find out more.
1 / 4

Data encryption

DroneDeploy uses in-transit and at-rest encryption. Data is sent securely to DroneDeploy via HTTPS using the latest recommended ciphers and TLS encryption protocol and encrypted while at rest on our servers. This prevents unwanted third parties from intercepting your data.
2 / 4

Penetration testing

DroneDeploy undergoes annual network and system level penetration tests by independent  security specialists.
3 / 4

Physical access

DroneDeploy employees do not have physical access to Google data centers or AWS servers. Both Google and AWS data centers are monitored 24/7 with restricted access and stringent physical security controls.
4 / 4

Trusted service providers

We work exclusively with reputable vendors to build and support our application. All service providers are US-based and have been subjected to rigorous security checks before we start doing business with them. For more information about these service providers, view our subprocessors.

Rigorous product and application security

DroneDeploy is invested in building a secure and user-friendly environment. Every new feature undergoes an extensive risk assessment and ongoing security reviews.
1 / 4

Security and privacy by design

DroneDeploy adheres to a Secure Development Lifecycle (SDL). This incorporates key components from industry standard SDL models including the Microsoft Security Development Lifecycle and OWASP Software Application Maturity Model.
2 / 4

Risk assessment

All software components undergo a security risk assessment leveraging best practices from the OWASP Top 10 and other requirements unique to the DroneDeploy environment. Based on this analysis, each project has security requirements that must be fulfilled before production.
3 / 4

Security review process

All DroneDeploy features and functionalities go through a security review process. Our code is audited with automated static analysis software, tested and manually peer-reviewed prior to production. All live applications also go through regular penetration testing.
4 / 4

Bug bounty program

DroneDeploy has a robust bug bounty program which incentivizes users and independent researchers to identify and report security defects. For more information, read our Vulnerability Reporting Policy.

Extend our industry-leading security to your hardware

In addition to our rigorous cloud security protocols, DroneDeploy also offers additional security for your fixed assets, such as DJI’s Dock 1 and Dock 2, as well as the DJI Mavic 3 Enterprise (coming in 2025).

DroneDeploy’s Firewall offering provides an extra layer of security for your dock or drone, ensuring your data goes directly to trusted DroneDeploy servers in the U.S. via dedicated assigned IP addresses.

To learn more about Firewall, contact your DroneDeploy sales representative today.

Turn on Privacy Mode

In addition to upholding the privacy rights of our customers, DroneDeploy has developed a unique feature called Privacy Mode for enhanced privacy protection.

Privacy Mode is an opt-in enterprise feature that automatically conceals faces and bodies detected in Walks in our DroneDeploy Ground product.



Privacy Mode is designed to meet the needs of privacy-conscious customers, including contractors working in public/government facilities or educational institutions, as well as EU customers complying with GDPR requirements.


To learn more about Privacy Mode, contact your DroneDeploy sales representative today.
Contact

Questions? Just ask

At DroneDeploy, transparency is one of our core principles. We’re committed to being transparent and honest about our approach to security and data privacy.

If you have any questions, please don’t hesitate to reach out: [email protected]

For further information, read our Privacy Policy or visit the Security and Compliance section of our Help Center.