Aloft has passed its annual SOC2 Type II, ISO 27001, and FAA LAANC audits.
We undergo regular reliability and security verification practices in accordance with industry and regulatory requirements.
Aloft has passed its annual SOC2 Type II, ISO 27001, and FAA LAANC audits.
We undergo regular reliability and security verification practices in accordance with industry and regulatory requirements.
Security Throughout the Data Lifecycle
Account Access
We offer single sign-on (SSO), two factor authentication (2FA) and multi-factor authentication (MFA) for additional security layers.
In Transit
All data from operator devices to Aloft servers is encrypted in transit using TLS 1.2.
Live Streams
Live audio and video streams are encrypted in compliance with the ISO 27001 standards.
UTM Traffic & Remote ID
Live aircraft telemetry and identification are encrypted in transit using TLS 1.2.
API Integrations
Airspace, mission planning, fleet management, and reporting APIs are encrypted using TLS 1.2.
Storage
All data files are stored and backed up in encrypted domestic AWS servers.
Network Monitoring
Aloft uses an Intrusion Detection System (IDS) that provides real-time network traffic and infrastructure event monitoring and flagging.
Aloft Keeps Data Local
When operators fly using Aloft mobile apps, sensitive flight data including location, authorizations, photos, and videos are not transferred to aircraft OEM data repositories.
We do this through default enablement of Local Data Mode. Data stays in the Aloft cloud using domestic AWS data storage.
Responsible Disclosure Policy:
Reporting a Security Vulnerability
If you’ve found a vulnerability or security flaw while using Aloft, let us know via email: infosec@aloft.ai. To help us reproduce and fix the issue, please provide screenshots and as much information as possible.
Want to know more?
The Aloft InfoSec team is available to provide additional documentation, audit reports, and detail about how we secure our own infrastructure and your sensitive drone data.