Putting Your Data Security First

DJI is driven by the relentless pursuit of making complex technology accessible to all. Nowhere is this commitment more visible than in how we help commercial, civil, and government users around the world to find innovative ways to use our technology, bringing value throughout a wide range of industries.

Given the unique role drones play as a data capture device, we understand how important data security is to our commercial, civil and government customers. That’s why we give our users control over the data they generate. We buttress this commitment by providing in-depth information on how DJI drone platforms protect the data of our customers, and outlining the strategies and processes we use to continually improve information security.

How You Control What Data DJI Can Access

DJI will not access any user data unless the user grants DJI permission to do so.

Users can choose to grant or revoke permissions anytime in the "Network Security Mode" settings¹. Such permissions include access to device information, flight records, device logs, approximate location information, user experience improvement program information, and whether DJI can share your device location with third-party map service providers in order to display your location on the map.

You can enable "Local Data Mode" to use your device completely offline. In this case, you do not need to log in to your DJI account². Installer packages to upgrade your device can be downloaded directly from the DJI website³. Soon, we will release features such as custom offline maps and offline import of certificates to unlock restricted zones⁴.

Data Encrypted for Enhanced Security

Data transmitted between the drone and the controller on the ground is protected by the AES-256 encryption algorithm. The communication between the DJI Pilot app and the server is also protected by HTTPS or WebSockets over SSL/TLS (WSS) protocol to prevent hijacking by third parties.

Secure Device Media Storage

DJI Mavic 2 Enterprise drones support a password protection mechanism for onboard data storage to guarantee the security of sensitive images and resources. The Matrice M300 RTK and Zenmuse H20 combo also supports SD card storage encryption⁵. When the password function is enabled, data stored in the SD card or onboard storage can be accessed only after the user-defined password is provided. The user-defined password is not shared with DJI, which means DJI cannot retrieve this password if you forget it.

Cloud Data Storage Security

DJI's data centers are built on Amazon Web Services (AWS) and Alibaba Cloud. Alibaba Cloud is used only for customers in Mainland China. Amazon Web Services is used for all other regions.

DJI users are not required to store any data with DJI. If they choose to do so, their data is kept in DJI's data centers which are equipped with a multi-layer protection mechanism. DJI will not transmit users' personal information or data across data centers or share any data with any third parties. Sensitive information such as email addresses, mobile numbers, and location information is given additional AES-256-CBC encryption.

Erasable Data

Users can choose to erase any data generated during their use of DJI devices. To erase your data, go to the DJI Pilot app to clear the logs and cache⁶ on your device and the app, or restore the device to factory settings⁷. If you decide not to use DJI’s services anymore, please email support@dji.com to ask DJI to delete all the data associated with your account.

Third Party Security Audits

The truth about DJI’s drones and software systems has been repeatedly examined and confirmed by trusted U.S. cybersecurity firms FTI Consulting, Booz Allen Hamilton, and Kivu Consulting, as well as U.S. federal agencies including the Department of Defense, Department of Interior, Department of Homeland Security and National Oceanic and Atmospheric Administration. A summary of the report is available at this link.

Drone technology will always face scrutiny when used in sensitive or secure operations, just like other technology products – and rightfully so. As governments and enterprises set security standards for drone use, DJI’s goal is to meet or exceed those standards.

Requests for further information

We want our stakeholders to be educated and engaged about how DJI protects their data, and we want to fully understand our customers’ needs and concerns.

We are always available to discuss data security concerns with your operations and security teams:

DJI platform architecture

A technical briefing by DJI’s R&D team that covers platform morphology and data security considerations.

Data security briefing

A review of DJI’s approach to data security and actions to date.
Get in touch with DJI’s data security team at datasecurity@dji.com.

Note

1, 2, 3, 5, 6, and 7: This feature is supported by Matrice M300 RTK V3 firmware.

4: This feature will be supported by Matrice M300 RTK V4 firmware.