Your data is the asset. We treat it that way.
An aerial survey of your facility is a map of how it fails. Jinki was built by an enterprise security and cyber risk practitioner — CISSP, CCSP, and AI-security certified (AAISM), formerly at Deloitte — so the controls below aren't a compliance afterthought. They are the operating procedure, in force today, on every engagement.
The controls, in force today.
No aspirational language. Each row below describes how client data is handled right now — and each is verifiable in the engagement record.
Encrypted at rest and in transit
Every dataset is encrypted with AES-256 at rest and TLS 1.3 in transit. Keys rotate on a managed schedule, and decryption requires explicit authorization at every layer.
Mutual NDA by default
A mutual NDA is executed before we see your site, your schematics, or a single frame of imagery. Not on request — the default for every engagement.
Your data can stay on your site
For facilities with data-residency requirements, analysis runs on-premises. Imagery can stay inside your network, and we leave nothing behind when the engagement ends.
Chain of custody on every dataset
From capture to delivery, each dataset carries a documented chain of custody — who handled it, when, and why. The log is available for your review at any point.
Access is scoped, logged, revocable
Role-based access enforced on least privilege. Multi-factor authentication is mandatory with no exceptions, and every action is timestamped and auditable.
You set the retention clock
Retention follows your policy, not ours. When your window closes, data is verifiably destroyed and the destruction is documented back to you.
Licensed, authorized, insured.
FAA Part 107
Every flight is conducted under FAA Part 107 by a certificated remote pilot. Operations follow written procedures, not improvisation.
Washington, DC SFRA
Authorized to operate inside the DC Special Flight Rules Area — airspace that demands documented clearance for every mission we fly there.
$5M coverage
Five million dollars in liability coverage stands behind every engagement, sized for critical-infrastructure work.
Insurance proof on request
A certificate of insurance is available before contract signature. Ask, and it arrives with the engagement plan.
Found something? Tell us.
We welcome good-faith security research. Report a vulnerability in our systems to [email protected] with steps to reproduce, and we aim to acknowledge within 48 hours, share a remediation timeline, and credit you if you want credit. We take no legal action against good-faith researchers — allow us reasonable time to remediate before publishing.
Controls built on NIST 800-53. Documented in our security brief. SOC 2 Type I audit on our roadmap.
Security review before signature.
Detailed architecture documentation and data-handling procedures, provided under NDA — before you commit to anything.