Legal
Ravn Robotics develops software that controls physical machines in defense, industrial, and critical infrastructure environments. The security of that software, the integrity of the systems it runs on, and the protection of the data it generates are foundational to everything we do.
Security at Ravn is not a separate function. It is a property of how we build, deploy, and operate our technology.
Ravn's autonomy stack is built with software supply chain integrity as a core requirement. We control our build pipelines, sign our releases, and verify the integrity of every artifact deployed to customer environments. We track and patch dependencies under active maintenance and respond to disclosed vulnerabilities through a structured process.
Our software is designed to be deployable in environments with strict provenance, certification, and audit requirements.
Ravn-enabled machines run autonomy on the device. Decisions are made locally. Sensitive perception data and operational telemetry do not need to leave the platform to enable autonomous behavior.
This architecture has security advantages by design. Less data in transit means less data exposed. Less dependency on cloud infrastructure means fewer remote attack surfaces. Operations continue in environments where network connectivity is degraded, denied, or untrusted.
When data is shared — across coordinated machines, with operator command systems, or with customer infrastructure — it is shared under operator control, on operator-approved channels, with appropriate cryptographic protections.
We support customers operating in environments with strict operational security requirements — including defense, critical infrastructure, and regulated industrial settings. Our software supports:
We do not require customers to route operational data through Ravn-controlled infrastructure. Deployments are configured to align with the customer's security posture, not against it.
Ravn processes data in three primary contexts: the website, customer engagements, and deployed systems.
Website data is described in our Privacy Policy. Customer engagement data is governed by the agreements we sign with customers. Deployed system data is controlled by the customers operating those systems.
For deployed systems, customers retain ownership and control of their operational data. We do not collect, transmit, or process customer mission data outside the boundaries explicitly defined in the engagement.
For research, model improvement, or product development, we use only data that customers have explicitly authorized for that purpose, under terms agreed in advance.
If you have identified a security vulnerability in Ravn software, documentation, or infrastructure, we want to hear from you. We take security reports seriously and will work with reporters in good faith to investigate, validate, and remediate confirmed issues.
To report a vulnerability:
Contact: security@ravnrobotics.com
Please include a clear description of the issue, steps to reproduce, and any supporting information. We commit to acknowledging valid reports promptly and coordinating disclosure responsibly.
Security is not a static property. We continue to invest in the practices, tools, and people required to build and operate software for the environments our customers deploy it in.
For questions about Ravn's security practices, deployment options, or engagement requirements, contact us at security@ravnrobotics.com.
