Skip to main content

How is my data kept secure?

This article describes where GeoNadir data is stored, and the steps we take to keep your data secure.

Paul Mead avatar
Written by Paul Mead
Updated over a week ago

We understand the importance of data security and are building multiple layers of protection into all aspects of our platform.

Personal data

When users sign up to GeoNadir we only collect an email address. No other identifiable data is collected or required, unless provided by the user in their user profile.

Users then have full control over what other personal data they provide as part of their GeoNadir profile, and into dataset details.

Where is data stored?

Drone mapping data that users upload to GeoNadir is stored on AWS S3 servers in Sydney, Australia.

GeoNadir employs best practice data security protocols and is supported by AWS to conduct regular security audits on the GeoNadir database as hosted on AWS.

AWS S3 servers have a durability of 99.99999% on objects (raw data and processed data) stored. Should a customer want additional backups of their data conducted with AWS Backup services, then this can be achieved through a Pro+ Service Level Agreement. Pricing would be provided on a case-by-case basis.

Data uploaded does not have a backup copy created by default.

Account security

Identity management is controlled by two-factor authentication with users required to sign in via a code sent to the registered email address.

The login token is 'live' for 30 days, meaning that once logged in on a computer, then your account will be accessible for 30 days since last use, unless the user logs out.

Users should log out at the end of every session if using public or shared computers.

Users have control over how their datasets and projects are shared, with access controls to view, comment, or edit projects or to have broader rights within a workspace. These permissions can be revoked or amended by the workspace administrator at any time.

Data ownership

We are very conscious of data sovereignty and how this relates to IP.

Users on GeoNadir are bound by our Terms of Service and Privacy Policy, and have control over how their data is shared and accessed by others.

The raw images, along with the orthomosaics, digital surface and digital terrain models that we create from the raw images, are owned by the user that uploads them. We have no claim on ownership of this data.
​

The user has the option to make the data publicly available as open data on our FAIR Global map, or to keep the data private in their workspace. Users in paid workspaces choose how their data is shared.
​

We only create what is called derived data in our terms of service, from data that is shared to the FAIR global map and is publicly accessible. We are creating data label libraries to assist in things like feature detection models. These data label libraries are derived data. We do not use data that is stored as private in workspaces.

How is my credit card information kept secure?

All payment processing for subscriptions is handled by Stripe via their secure platform. GeoNadir does not store any credit card information on our platform.

Where else does GeoNadir store my information?

GeoNadir uses other marketing tools such as Google Mail, Intercom, Mixpanel, PipeDrive, Slack, and Kartra which receives data from the GeoNadir platform such as the user email, IP address, user actions on the platform (such as data uploads, project creation, email opens, etc). These tools support the user experience on the platform and allow us to communicate effectively with our users. No credit card information is shared with these tools.

Internal controls

GeoNadir employs internal controls to ensure the security of user data and the platform overall.

Prior to any new feature releases, testing is conducted in a test environment that is separate to the production environment. This ensures new features are stable prior to rolling out. Should errors occur in a feature release to the production environment, then a rollback can occur.

Access to user data, and permission around editing or removing this data from the database is limited to key staff. Datasets that are inadvertently deleted can be recovered within 30 days.

If you have any questions or concerns about your data security, then reach out to us at: [email protected]

Did this answer your question?