Data Security & Cybersecurity Policy
Last Updated: Feb 1st, 2025

Drone Inspect NYC (“the Company,” “we,” or “us”) is committed to safeguarding the integrity, confidentiality, and availability of all client and operational data collected through our drone inspection services. This Cybersecurity & Data Protection Policy outlines the measures we take to secure digital assets, protect client information, and maintain regulatory compliance.

1. Data Collection & Handling
   We collect and process data necessary for drone inspection services, including but not limited to: – High-resolution aerial imagery, 3D models, and orthomosaics
   – Project site addresses and metadata
   – Contact information such as names, emails, and phone numbers

All data collected is used solely for the purpose of service delivery, regulatory compliance (e.g., FAA/NYPD permits), and internal operations. We do not sell or share client data with third parties for marketing purposes.

2. Data Access & Storage
   – All project files and sensitive data are stored in secure, encrypted cloud environments (e.g., AWS, Google Workspace) with strict access controls.
   – Access to data is limited to authorized personnel only and governed by user authentication protocols, including multi-factor authentication (MFA).
   – Internal file access is logged and monitored regularly for unauthorized activity.
3. Cybersecurity Controls
   We implement the following cybersecurity practices to protect against threats:
   – Firewall & Antivirus Protection: All company devices are protected with commercial-grade firewall and anti-malware software.
   – Secure Devices: Laptops, tablets, and mobile devices used for field operations are password-protected, encrypted, and automatically updated.
   – VPN Use: Remote access to internal systems and cloud platforms is restricted to VPN-secured connections. – Regular Updates: All software and firmware are kept up-to-date with the latest security patches.
   – Access Control: Role-based access ensures that employees only have access to the information necessary for their role.
4. Breach Detection & Incident Response
   In the event of a suspected or confirmed data breach:
   – Affected systems will be isolated and investigated immediately.
   – Clients whose data may have been affected will be notified within 72 hours of discovery.
   – We will document and report the incident in accordance with applicable data protection regulations.
5. Employee Training & Accountability
   – All employees and subcontractors are trained in basic cybersecurity practices, including secure data handling, phishing prevention, and incident reporting.
   – Confidentiality agreements are required for any personnel with access to client data.
6. Data Retention & Deletion
   – Project data is retained only for as long as necessary to fulfill contractual and legal obligations. – Clients may request deletion of their data at any time, subject to legal or regulatory constraints. – Secure deletion protocols are used to permanently remove data from storage systems when no longer needed.
7. Compliance
   Drone Inspect NYC adheres to applicable data protection regulations and industry standards, including: – FAA regulations
   – New York City Local Laws (e.g., LL11, LL126)
   – General Data Protection Principles as applicable to client rights
8. Client Rights
   Clients have the right to:
   – Request access to personal or project-related data – Request correction or deletion of stored data
   – Inquire about how their data is stored and protected

Requests can be submitted to: [service@droneinpsectnyc.com]