Taranis Data Security and Retention

Taranis Data Security and Retention

Data Security


Taranis is committed to providing its customers with a highly secure and reliable environment for our data operations and cloud-based applications. We have therefore developed a multi-tiered security model that covers all aspects of hosted and cloud-based Taranis systems. The security model and controls are based on international protocols and standards and industry best practices.

As part of the company’s focus on security issues, Taranis employs security-oriented management staff including a Chief Technology Officer, a VP R&D and a Chief Innovation Officer as well as cloud platform and data & services team with responsibility for:

  • Applying the security model to all system tiers

  • Monitoring and analyzing the infrastructure for suspicious activities and potential threats

  • Issuing security reports to Taranis management 

  • Dynamically updating the security model and addressing new security threats

In addition, a Taranis joint committee, including representatives from product management and R&D is committed to:

  • Systematically examining the organization's information security risks, considering threats and vulnerabilities

  • Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address the risks that are deemed unacceptable

  • Adopting an overarching management process to ensure that the information security controls continue to meet the organization's evolving information security needs

Taranis utilizes private storage “buckets” in the Google  Cloud Platform. Additional Google Cloud security, privacy and compliance policies can be found here:

Operational and Information Security 

Taranis has implemented a strict set of procedures throughout the entire data life-cycle, to ensure all captured data is security processed, stored and made available only to authorized users. These include:

  • Drones or planes taking images in the field based or precalculated routes, and the captured imagery is stored only on a local memory card.

  • At the end of the flight, the certified pilot uploads the images using a Taranis provided laptop as well as using a secured Taranis-developed application.

  • The data is uploaded into predefined, Taranis owned, private buckets in the Google Cloud Platform (GCP).

  • Stored data in the Google Cloud Platform can be accessed only via a dedicated secured service and made available to customers using the Taranis web and mobile interface based on individual user permissions.

Application Security

The following items are relevant for the application access control:

  • Access control – Access to the Google Cloud Platform buckets is limited, based on role and responsibility and is only available to permitted users for maintaining and supporting customers

  • Authentication – Taranis also enforces a Google based multi-factor authentication including a strict role-based password policy. For Taranis web and mobile apps, user passwords are stored in an encrypted form, using a one-way encryption method based on an industry-standard hash algorithm. Only the application is able to compare the hashed and entered passwords. 

  • Data encryption: based on the Google Cloud platform, it encrypts data in transit between our facilities and at rest, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys. Additional details provided below.

Data Encryption at Rest

Taranis uses the Google Cloud Platform for storage. 

  • Google Cloud encrypts all customer content stored at rest, without any action from the customer, using one or more encryption mechanisms.

  • Google Cloud encrypts all customer content stored at rest, without any action required from the customer, using one or more encryption mechanisms.

  • Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys are stored with the data, encrypted with ("wrapped" by) key encryption keys that are exclusively stored and used inside Google's central Key Management Service. Google's Key Management Service is redundant and globally distributed.

  • All data stored in Google Cloud is encrypted at the storage level using AES256, with the exception of a small number of Persistent Disks created before 2015 that use AES128.

  • Google uses a common cryptographic library, Tink, which incorporates our FIPS 140-2 Level 1 validated module, BoringCrypto, to implement encryption consistently across almost all Google Cloud products. Consistent use of a common library means that only a small team of cryptographers needs to implement and maintain this tightly controlled and reviewed code.

Detailed information can be found here: https://cloud.google.com/docs/security/encryption/default-encryption 

Data Encryption at Transit

  • Google employs several security measures to help ensure the authenticity, integrity, and privacy of data in transit.

  • Google encrypts and authenticates data in transit at one or more network layers when data moves outside physical boundaries not controlled by Google or on behalf of Google. All VM-to-VM traffic within a VPC network and peered VPC networks is encrypted.

  • Google applies default protections to data in transit. For example, we secure communications between the user and the Google Front End (GFE) using TLS.

  • Detailed information can be found here: https://cloud.google.com/docs/security/encryption-in-transit 

Data Retention


Taranis is committed to protecting our systems, information, and our customers’ information. The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Taranis or are of no value are discarded at the proper time. This policy defines the retention requirements for Taranis service data. This policy applies to all Taranis employees or contractors working on behalf of Taranis.

Taranis service data includes all Acquired Imagery, Generated Data and Insights, and User-provided Data.

Acquired Imagery includes satellite and drone imagery acquired on serviced acres. User-provided Data includes any information uploaded to Taranis systems by users, including field boundaries, planting dates, crop hybrids, etc. Generated Data and Insights includes insight scores, severity, heat maps, and all other information generated from the Acquired Imagery, User Provided Data, and other data sources such as weather history.  


Taranis will define a reasonable retention policy for all systems and data in use within the organization and will document them in the Retention Requirements below.


Employees and Contractors

All employees who create and use records and information are responsible for maintaining Taranis Records according to this Policy.

Management and Business Units

All levels of management within Taranis are responsible for ensuring compliance with this Policy within their respective group, region, or function.

Retention Requirements

Taranis will retain data files in compliance with the retention periods stated below:

  • Acquired Imagery will be retained for the current season and 2 additional seasons; for example, during the 2024 season imagery will be available from the 2024, 2023 and 2022 seasons.

  • Generated Data and Insights will be retained as long as a current contract is in effect; after contract termination, data will be retained for a period of 30 days.

  • User-provided Data will be retained as long as a current contract is in effect; after contract termination, data will be retained for a period of 30 days.

The retention periods provided in this policy are intended to be as short as possible to minimize the volume of Taranis Records while still complying with legal, contractual, and/or operational requirements. Records will be kept only for the period stated in the policy and Taranis reserves the right to destroy or discard the data at the stated retention period expiration.

Safeguarding of Data

Measures will be taken to ensure that the information can be accessed by authorized users during the retention period (both with respect to the information carrier and the readability of formats). 

Disposal of Data

As data expires according to the retention policy, Taranis reserves the right to delete or otherwise destroy the data in accordance with its classification and destruction requirements.

Policy Enforcement

The Taranis Vice President of R & D is responsible for ensuring compliance with this policy and will assist with the protection of Taranis data.

Any employee found to willfully or intentionally violate this policy may be subject to disciplinary action, up to and including termination of employment.

    • Related Articles

    • Taranis Security And Privacy Incident Response Policy

      Taranis Security And Privacy Incident Response Policy Purpose and Scope The purpose of this policy is to ensure that Taranis reacts appropriately to any actual or suspected security or privacy event regarding Taranis systems and/or data and that all ...
    • Taranis Business Continuity Planning (BCP)

      Business Continuity Plan Overview Taranis systems Business Continuity Plan is a comprehensive statement of actions to be taken before, during and after a disaster. This plan is designed to reduce the risk to an acceptable level by ensuring the ...