Data Security & Handling Policy.

All client project data is classified as Confidential and handled accordingly. This includes: raw aerial imagery, processed orthomosaics, digital surface models, point clouds, 3D models, volumetric calculations, thermal overlays, and all derived reports and deliverables.

• At rest. All project data is stored on AES-256 encrypted storage (AWS S3 with server-side encryption and Microsoft OneDrive with BitLocker-encrypted devices).
• In transit. All data transmission uses TLS 1.2+ encryption. File transfers use HTTPS, SFTP, or equivalent encrypted protocols. No project data is transmitted over unencrypted channels.

• Project data is accessible only to authorized Aetheris Intelligence personnel.
• AWS S3 access is controlled via IAM policies with MFA-protected root account and scoped IAM user permissions.
• Client portal access (portal.aetherisintel.com) is authenticated per-user with role-based permissions.
• No project data is shared with third parties without explicit written client authorization.

• Primary. Microsoft OneDrive for Business (processing workspace, Microsoft 365 E3-level encryption).
• Archive. Amazon Web Services S3 (us-east-2 region, AES-256 server-side encryption, versioning enabled, public access blocked).
• Field. DJI-encrypted SD cards during capture; data transferred to encrypted local storage within 24 hours of flight.

• Standard retention. 3 years from project completion date, after which data is automatically deleted via S3 lifecycle policy.
• Early deletion. Client may request early deletion at any time by written notice. Aetheris will confirm deletion in writing within 5 business days.
• Archival transition. Active project data (S3 Standard) transitions to archival storage (S3 Glacier Instant Retrieval) after 90 days for cost efficiency. Data remains retrievable within minutes if needed.

• AWS S3 provides 99.999999999% (11 nines) durability with automatic replication across multiple availability zones.
• OneDrive provides version history and recycle-bin recovery for 93 days.
• Local device backups occur on encrypted external drives stored in a secure location separate from primary equipment.

• Field equipment (drone, controller, SD cards, RTK base) is stored in a locked, climate-controlled space when not in use.
• No project data remains on SD cards after transfer to processing workstation.
• Processing workstation uses Windows BitLocker full-disk encryption with PIN + password authentication.

In the event of a data breach or unauthorized access, Aetheris will: (a) notify the affected client within 72 hours of discovery; (b) identify and contain the breach; (c) provide a written incident report within 14 days; (d) implement corrective measures to prevent recurrence.

• All data handling complies with Aetheris Intelligence's Non-Disclosure Agreement and Master Service Agreement terms.
• Aetheris does not store, process, or transmit Protected Health Information (PHI), Payment Card Industry (PCI) data, or Personally Identifiable Information (PII) beyond basic client contact details.
• Data handling practices align with NIST SP 800-171 guidelines for protecting Controlled Unclassified Information (CUI) where applicable to government subcontracting work.

Data security inquiries: info@aetherisintel.com · 417-342-1553.