The security of drone data is crucial to protect personal privacy, commercial confidentiality, prevent illegal use, and ensure data integrity and reliability. Whether it is an individual user or an enterprise organization, when using drones, they should pay attention to and strengthen relevant data security measures, including encrypted transmission, access control, data backup, etc., to protect the security of drone data to the greatest extent.
User Data Protections
Respecting user privacy is our top priority.
Autel Robotics never accesses any user data without proper authorisation and user consent. We have implemented practical technical security and organisational measures, including:
- Permission-Based Personally Identifiable Information (PII): Users have full control over granting and closing access to their personally identifiable and sensitive information, such as email addresses and mobile phone numbers. This information is protected by the AES-256 encryption algorithm and securely stored in AWS data centres. We employ a multi-layer data security protection mechanism to ensure the utmost privacy and data security. AES-256 encryption is widely recognised as the safest symmetric encryption algorithm, with a key length of 256 bits. It is commonly used to protect sensitive data like financial transactions and medical records.
- Aircraft Log Information: Log information, including app and firmware versions, flight trajectory, telemetry, etc., is stored locally on the device. Only with the user’s explicit authorisation and consent can this data can be utilised for Autel After-Sales Service purposes.
- Limited Server Access: During the service provision, our server only identifies the equipment and application information relevant to the aircraft and remote control. We strictly adhere to not accessing any user data during this process.
Data Transmission
To safeguard data integrity during transmission, we employ various encryption algorithms, including:
- Drone and Remote Control Communication: Image and data transmission links between the drone and remote control are protected by AES-256 and AES-128 encryption algorithms, respectively.
- Autel Explorer App Security: The Autel Explorer App adopts the HTTPS protocol for data transmission between the server and app. We leverage security technologies like SSL/TLS to encrypt the transmission channel. HTTPS is a widely recognised and trusted secure communication protocol, endorsed by multiple institutions and standards organisations. By utilising the TLS/SSL protocol, it ensures data security during transmission.
Media Storage Security
The media files stored in the SD card are afforded additional protection:
- Onboard Storage Encryption: Media files are encrypted with AES-256, and the SD card supports onboard storage passwords. When the encryption function is enabled, only the user possesses access rights to the onboard storage data. Autel Robotics cannot obtain this password, ensuring the utmost data privacy and security.
Erasable Data Upon Request
We provide straightforward methods for users to clear data and delete their accounts, ensuring the removal of any associated data generated while using our devices:
- Account Deletion: Users can delete their accounts directly through the Autel Explorer App, erasing all data associated with the account, including logs and caches within the app itself.
- Server Data Deletion: Once an account is deleted, all related logs and other information stored on our servers are automatically, permanently and irretrievably deleted.
- Device Factory Reset: Users have the option to restore their device to factory settings through the system settings, further eliminating any residual data.
Other Measures
In addition to the aforementioned security practices, we have implemented further measures to enhance data protection:
- Registration-Free and Account Login-Free Upgrades: Our devices support upgrades without requiring registration or account login, ensuring a seamless and hassle-free process.
- Local Photo and Video Storage: Photos and videos saved in the remote control are never uploaded to any server. Users can have peace of mind knowing that their media remains solely on their device, maintaining their privacy.
The US DoD ‘UAS Blue List’
Users sometimes enquire about Autel Robotics and the ‘UAS Blue List’.
The UAS Blue List is a list of manufacturers and drones that are compliant with very specific laws and regulations of the US Department of Defense (DoD). This list is exclusively for the US DoD only and means that even other US Government Agencies, whether Federal, State or Local, as well as user-types such as police and fire, as well as any other organisation (both public or private) in any other country or community, are not held to the same regulation (intentionally) and are therefore clearly outside the scope of the UAS Blue List. The procurement or use of aircraft that are not on the US DoD UAS Blue List her than the US DoD does not in any way infer that it is less ‘safe’ or operate at a ‘lower’ degree of security; the UAS Blue List is exclusively for UAS customers internal to the US DoD only.
Conclusion
At Autel Robotics, we prioritise our customers’ trust and strive to uphold the highest standards of data security and privacy protection.
By leveraging cutting-edge technology, we continuously enhance business efficiency and create value while ensuring the safety and confidentiality of user data.