Propeller Platform Security
Physical security
Server and network security
Propeller hosts the majority of its applications on the Amazon Web Services (AWS) platform. AWS provides state-of-the-art data center security that complies with industry standards such as SOC, PCI DSS, ISO 27001, and FedRAMP. All physical network and server security responsibility for these parts of the application is delegated to AWS. For more information regarding AWS’s physical security practices, check out their security documentation.
Propeller hosts its own fleet of on-premises servers for the intensive data processing tasks required to generate the 3D models that Propeller produces. These servers and their network are housed in a secure building, protected by:
- Access Control: Self-closing, swipe-access doors and a locked physical barrier around the servers themselves.
- Surveillance: All entrances and stairwells are monitored and recorded by security cameras.
- Environmental Controls: Automated fire suppression systems and climate control systems are installed to ensure hardware longevity and stability.
- Monitoring: The premises are alarmed outside of office hours with a back-to-base motion detection system. Server hardware is also continuously monitored for defects.
Office security
Our physical offices are secured with self-closing, self-locking doors only accessible by electronic swipe card. All access is securely logged, and we maintain a visitor log to track external guests. We only delegate control system access to select, trusted individuals.
Staff devices
All devices used by our staff members are required to meet strict security baselines, including:
- Encryption & Access: Full-disk encryption, strong password protection, and automatic locking after short periods of inactivity.
- Endpoint Protection: We use advanced AI-backed anti-virus and Endpoint Detection and Response (EDR) software on all workstations to prevent and detect potential breaches.
- Policies: All staff must read and accept internal policies including Information Security, Acceptable Use, and Code of Conduct policies.
- Training: All staff undergo security and privacy training at least annually. Software engineers participate in additional secure development training annually to stay current on the latest threat landscapes.
Network security
Propeller leverages AWS to provide isolated environments for our applications. Well-known clients who use Amazon to protect their data include NASA, Shell, Autodesk, British Gas, GE, Hitachi, Lafarge, Trimble, and the US State Department.
Firewalls and Monitoring
- Firewalls: We use network firewalls to restrict access based on the principle of least privilege. By default, all access is denied, and only explicitly allowed ports and protocols are permitted.
- Web Application Firewalls (WAF): Dedicated WAFs protect HTTP-based services through rate limiting and packet inspection for malicious payloads like SQL injection and cross-site scripting (XSS).
- Distributed Denial of Service (DDoS) protection: We utilize AWS’s vast network infrastructure and advanced DDoS protection capabilities to prevent denial of service attacks from taking down our applications.
- Intrusion Detection: All network traffic and API calls to underlying AWS infrastructure are securely logged and continuously analyzed using machine learning and threat intelligence feeds. If suspicious behavior is detected, an alert is sent immediately to our security team.
Infrastructure Integrity
- Change Control: We maintain configuration in code to ensure transparency. All changes are checked into version control, reviewed for security and scalability, and thoroughly tested in a staging environment before production.
- Server Isolation: Servers are isolated in private subnets. Access is only possible via a hardened bastion host, which narrows attack vectors and ensures all administrative access is logged.
- Configuration Monitoring: Propeller maintains secure configuration baselines and continually monitors for non-conformance, ensuring swift remediation of any deviations.
Server security
- Security Patching: Propeller’s servers are automatically and continuously patched with the latest security updates to minimize exposure to known vulnerabilities.
- Disk Encryption: We employ full-disk encryption to ensure data is not accessible to others, protecting the data both during its lifecycle and at the time of disk disposal.
- Endpoint Defense: Like our staff workstations, all servers utilize advanced AI-backed anti-virus and EDR software to proactively monitor for and block malicious activity.
Application security
Propeller follows a strict Software Development Life Cycle (SDLC) to ensure code quality and security.
Design and Development
New features and changes are thoroughly architected and designed. Once approved, development begins and all code is checked into source control.
Review and Testing
All code changes are subject to peer review for quality, performance, and correctness. Code is also reviewed from a security standpoint, adhering to OWASP Top 10 guidelines. Following review, changes are deployed to a staging environment for rigorous feature and regression testing by developers and our QA team.
Production Release
When testing is complete, changes are deployed for customer use. We utilize feature flags to enable fast rollback of any deployments that may cause issues. Large or experimental changes may be deployed as beta features for a limited time, giving users the option to turn these features on or off.
Post-Release and Emergencies
Feedback and bug reports are gathered from customers, and fixes are made as appropriate. In rare situations where changes must be applied quickly to fix bugs or recover from an incident, some steps may be skipped; however, all changes are subject to retrospective review and testing once operations return to normal.
Authentication and authorisation
Passwords and MFA
- Encryption: Your password is never stored in plain text. All passwords are salted and hashed using the bcrypt algorithm, as recommended by the National Institute of Standards and Technology (NIST).
- Complexity: Passwords must be at least nine characters long, contain a lowercase letter, an uppercase letter, a number, and a special character, and must not appear in this list of the top 10,000 most common passwords.
- Breached Password Protection: We utilize mechanisms that notify users if their password has been detected in a third-party data breach and prevent them from setting a password known to be compromised.
- Multi-Factor Authentication (MFA): Propeller supports MFA through Single Sign-On (SSO) integrations (OAuth2, OpenID Connect, SAML) and also supports Passkey authentication. All Propeller employees are required to use MFA.
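The complexity rule above, written out as a checker that reports which requirement a candidate password fails. This is an added example, not Propeller's code. The name `check_password`, the four-entry common-password sample, the definition of "special character" and the case-insensitive list comparison are assumptions; the length note reflects the fact that bcrypt reads at most 72 bytes of input.

```python
# Constructed sample standing in for the top-10,000 list the page refers to.
COMMON_PASSWORDS = {"password1!", "qwerty123", "letmein", "123456789"}

MIN_LENGTH = 9         # minimum length stated on the page
BCRYPT_MAX_BYTES = 72  # bcrypt ignores any input beyond 72 bytes


def check_password(candidate, common=COMMON_PASSWORDS):
    """Return (failures, notes) for a candidate password.

    failures: policy rules the candidate breaks (empty list means accepted).
    notes:    non-blocking observations for whoever hashes the password.
    """
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too_short")
    if not any(c.islower() for c in candidate):
        failures.append("no_lowercase")
    if not any(c.isupper() for c in candidate):
        failures.append("no_uppercase")
    if not any(c.isdigit() for c in candidate):
        failures.append("no_digit")
    # Assumption: "special" means neither alphanumeric nor whitespace.
    if not any(not c.isalnum() and not c.isspace() for c in candidate):
        failures.append("no_special")
    # Assumption: the list is lowercase and compared case-insensitively, so a
    # listed password with changed capitalisation is still rejected.
    if candidate.casefold() in common:
        failures.append("common_password")

    notes = []
    # Bytes past the 72nd do not affect a bcrypt hash, so flag long inputs
    # (assumption: reported as a note rather than a rejection).
    if len(candidate.encode("utf-8")) > BCRYPT_MAX_BYTES:
        notes.append("exceeds_bcrypt_72_bytes")
    return failures, notes


if __name__ == "__main__":
    for pw in ("Password1!", "short1A!", "Tr4vel-Ledger-Kite"):
        print(pw, check_password(pw))
```

`Password1!` satisfies every composition requirement and is rejected only by the common-password comparison.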
Single sign-on (SSO)
Users with Microsoft, Google, or Trimble Connect accounts may use the built-in “Sign in with” buttons for a zero-configuration SSO experience. Customers can also integrate their own providers (e.g. Microsoft Entra, Okta, Ping Identity) using OAuth2, OpenID Connect, or SAML protocols.
Login Security
Propeller utilizes brute force protection, bot detection, and suspicious IP throttling to prevent unauthorized access. All logins are logged. Once a user is logged in, session tokens are stored as secure, HTTP-only cookies; these cookies expire after two weeks, which automatically logs users out.
Vulnerability mitigation
- Dependency Analysis: Static analysis is run on all code repositories and containers to scan for known vulnerabilities in the National Vulnerability Database (NVD).
- External Scanning: In addition to annual third-party penetration tests, Propeller uses software to continually perform external scanning of our web applications for vulnerabilities.
- Data Sanitization: To prevent SQL injection and XSS, all data entered into databases or rendered to HTML is appropriately sanitized, and WAFs block requests containing malicious payloads.
- Logging: All requests are securely logged (excluding confidential data) to provide an audit trail for investigating potential threats.
Availability and Scalability
Propeller endeavors to maintain a 99% yearly uptime.
- High Availability: We replicate all compute and database functions across multiple, geographically separated AWS availability zones. Our processing systems automatically fall back to AWS servers if on-premises machines are unavailable.
- Scalability: We leverage AWS’s effectively infinite scalability and demand-based autoscaling to meet any level of survey-grade data processing demand.
Governance and Resilience
Compliance and Risk
- SOC2 Type 2: Propeller maintains SOC2 Type 2 compliance and undergoes annual external audits.
- Risk Management: We maintain a risk register that is regularly reviewed and actioned by leadership.
- Vendor Management: We review software vendors using a risk-based approach before purchase and at least annually. We maintain contractual agreements that ensure secure data handling and sign GDPR-compliant Data Processing Agreements (DPAs) where necessary.
Disaster Recovery and Business Continuity
Propeller maintains formal Incident Response and BCDR plans. These are reviewed and tested through tabletop exercises and recovery procedures at least annually.
- Post Mortems: For any incident, we conduct a root cause analysis and document lessons learned. We devise and implement strategies to prevent or mitigate recurrence.
- Data Durability: Data in Amazon S3 has 99.999999999% durability. We use object versioning and continuous Amazon RDS backups to ensure point-in-time recovery.
Trust Center
Customers can request our SOC2 report, BCDR plans, and other detailed security documentation through our Trust Center.
Information Security and Privacy
Data Storage and Transmission
All data is encrypted in transit over HTTPS (minimum TLS 1.2) and at rest using AES-256. Encryption keys are managed and rotated yearly via AWS KMS.
All data for processing or display is uploaded to an S3 bucket located in the Australian AWS region. From here the data is transferred, with encryption, to on-premises or AWS servers in Australia or Singapore for processing. These servers store this data, with encryption, until it is no longer required for processing. Any outputs resulting from processing are pushed to an S3 bucket in the AWS region closest to the customer, which may be in one of several sites across the globe.
Available storage locations include India, South Korea, Singapore, Australia, Japan, Canada, Germany, Ireland, England, France, South America, and the United States of America. Propeller does not store any customer data in Russia or China. Metadata and other platform data are stored in RDS databases located in a US-based AWS region.
Data Retention and deletion
Propeller will retain customer data for the duration of their contract or until the customer deletes their data from within the platform. At the termination of the contract, customers are given a reasonable period of time in which to download their data from Propeller. After this grace period the data will be securely and permanently deleted.
Privacy and GDPR
Propeller complies with all local privacy laws, including the General Data Protection Regulation (GDPR). We recognize our responsibilities to handle personal data lawfully and transparently, upholding rights to access, rectification, and erasure. To learn more about our GDPR compliance, please read our Privacy Policy.
Artificial Intelligence (AI) and Machine Learning
While the core workflows within the Propeller Platform do not utilize Artificial Intelligence, we have introduced select features that leverage these technologies to enhance user insights and efficiency.
Data Privacy and Model Hosting
To maintain strict data privacy, Propeller’s products utilize self-hosted models. We do not pass customer data to third-party AI services.
Types of AI Utilization
We employ two distinct types of AI technology:
- Machine Learning (ML): Used for automated object detection within survey imagery.
- Large Language Models (LLMs): Used to help customers analyze and interact with their data through sophisticated natural language processing.
Training and Exposure Risk Mitigation
Propeller prioritizes data privacy to ensure there is no risk of data exposure:
- LLMs: We do not use customer data to train our LLMs. This ensures that sensitive information is never incorporated into the model’s knowledge base.
- Machine Learning: We may utilize de-identified customer data to train our machine learning algorithms; however, because these models are used exclusively for object detection and pattern recognition, there is no risk of exposing sensitive customer data through the model outputs.
Customer Control and Internal Use
Customers maintain full control over their experience and can choose not to use the LLM-driven features if they prefer their data not be processed by these models. Internally, Propeller employees only utilize AI products that explicitly do not use our corporate or customer data to train their models.