Security & Vulnerability Disclosure
How to report a vulnerability in Terrestream products or services. Public VDP referenced in Terms §16 and §22.5 (Appendix F).
How we protect your data
The measures below are the technical and organizational controls in our Data Processing Agreement. They reflect what is true today.
- Customer data is processed on infrastructure located in the United States.
- Encryption in transit using TLS 1.2 or higher, and at rest using AES-256 or equivalent.
- Role-based access control and least privilege, with multi-factor authentication for administrative access.
- Logging, monitoring, and intrusion detection across production systems.
- Periodic penetration testing and vulnerability scanning by qualified testers.
- A secure software development lifecycle with code review, dependency scanning, and pre-release security testing.
- Vendor diligence on each sub-processor before onboarding and periodically thereafter.
- An incident response procedure aligned with the breach notification terms of our DPA.
Local-first operation means readings and alerts continue on your own network during a cloud outage, and you can export your data as CSV, API, or PDF at any time.
Attestations and documentation
A SOC 2 Type II report is in progress. Today we provide, on request and under NDA, a summary of our technical and organizational measures, a completed security questionnaire, and an executed Data Processing Agreement. Single sign-on and SCIM provisioning are on the roadmap. Organization accounts use role-based access with multi-factor authentication now.
Read the Data Processing Agreement, the sub-processor list, and our Privacy Policy. To start a vendor security review, contact our team.
Longevity pledge
Terrestream is designed to keep useful local air monitoring working even if you never subscribe, and even if cloud services change later.
- Local display: the device measures and shows live room readings without a paid plan.
- Local integrations: Home Assistant discovery, MQTT, and a local HTTP API are available for local workflows. Matter ecosystems are bridged through Home Assistant.
- Portability: history export is available from supported dashboard/API workflows, with Business scheduled CSV/API/PDF exports for commercial customers.
- No subscription lock-in: Free includes the core device, web dashboard, mobile app, 90-day history, outdoor-data fusion, local smart-home flows, and core AI insights. Pro extends history, collaboration, advanced analysis, automations, and notifications.
- EOL policy: no End-of-Support or End-of-Life date is scheduled. If one is ever announced, the standalone display continues, with export windows and refund handling governed by the published EOL policy.
Trust ledger
| FCC / ISED | Radio module documentation is published in Regulatory (FCC / ISED): FCC ID 2AC7Z-ESPS3WROOM1, IC 21098-ESPS3WROOM1. Final end-product SDoC and labeling are completed before shipment. |
|---|---|
| SOC 2 | Type II program in progress; security evidence package available under NDA for commercial evaluations. |
| Warranty | 1-year limited hardware warranty. |
| Power | USB-C PD with UL-listed power supply in the box. |
| VDP | Public vulnerability disclosure policy and security.txt are available. |
| Data portability | Local API/MQTT/Home Assistant plus account data export paths documented in Tier Features and Terms §11.2. |
| IP | Terrestream marks and patents pending. |
Data portability and local operation
Terrestream publishes local readings for local automations, and account data can be exported through supported dashboard/API workflows. Formal tier terms live at /legal/tier-features.
What we are not promising
This pledge is not a promise of user-flashable firmware, source-code escrow, or a final cloud-free firmware release. It is a practical commitment to local operation, exportability, and clear EOL handling.
Reporting channel
Open a security disclosure with reproduction steps. PGP key is published at /.well-known/security.txt per RFC 9116.
Safe harbor
Good-faith research that follows this policy will not result in legal action by Aerodyne. Avoid privacy violations, data destruction, and service disruption. Do not interact with accounts other than your own.
Acknowledgment timing
We acknowledge reports "within a reasonable period" per Terms §16.5. We will keep you updated on triage status and a mutually-agreed coordinated disclosure timeline.