Aloft Has Passed a SOC2 Type II and a ISO 27001 Audit

We undergo regular reliability and security verification practices.

Request our SOC2 Type II and ISO 27001 audit report

Security Throughout the Data Lifecycle

Account Access

We offer single sign-on (SSO), two factor authentication (2FA) and multi-factor authentication (MFA) for additional security layers.

In Transit

All data from operator devices to Aloft servers is encrypted in transit using TLS 1.2.

Live Streams

Live audio and video streams are encrypted in compliance with the ISO 27001 standards.

UTM Traffic & Remote ID

Live aircraft telemetry and identification are encrypted in transit using TLS 1.2.

API Integrations

Airspace, mission planning, fleet management, and reporting APIs are encrypted using TLS 1.2.



All data files are stored and backed up in encrypted domestic AWS servers.


Network Monitoring

Aloft uses an Intrusion Detection System (IDS) that provides real-time network traffic and infrastructure event monitoring and flagging.

Aloft Keeps Data Local

When operators fly using Aloft mobile apps, sensitive flight data including location, authorizations, photos, and videos are not transferred to aircraft OEM data repositories.

We do this through default enablement of Local Data Mode. Data stays in the Aloft cloud using domestic AWS data storage.

Responsible Disclosure Policy:
Reporting a Security Vulnerability

If you’ve found a vulnerability or security flaw while using Aloft, let us know via email: To help us reproduce and fix the issue, please provide screenshots and as much information as possible.

Want to know more?

The Aloft InfoSec team is available to provide additional documentation, audit reports, and detail about how we secure our own infrastructure and your sensitive drone data.

Get in touch