How to Securely Wipe DJI Drone Flight Data Before Trade-In to Comply with Israel Privacy Law

Why a Simple Format Won’t Satisfy Contemporary Privacy Law

Drone data is scattered. A DJI system typically stores information in four places:

1. The removable microSD card (photos, videos, some logs).
2. Internal storage on the drone’s flight controller or core board (flight records, calibration data, occasionally cached media).
3. The DJI mobile application on the phone or tablet you used to fly (complete flight logs, thumbnails, account binding).
4. The DJI cloud account — if you opted in to automatic flight‑log sync, a copy persists on DJI’s servers.

A standard “format SD card” or a drone factory reset through the app often leaves internal memory untouched or simply marks sectors as overwritable without actually erasing them. For laws modeled on the OECD privacy principles — Israel’s Protection of Privacy Law, 5741‑1981, the UK GDPR, Brazil’s LGPD, Nigeria’s NDPR, among others — the expectation is that personal data is destroyed or de‑identified when it is no longer needed for the purpose for which it was collected. Handing a drone to a new owner with recoverable footage or logs can be seen as a failure of that duty.

Step‑by‑Step Drone Data Wipe: A Practical Working Order

Before you pack the drone, work through these layers. This sequence has been tested against DJI’s published guidance on user‑data management and is a reasonable approach for lowering the chance of residual data exposure.

1. Sync and Delete Flight Logs from the App
   Open DJI Fly (or DJI GO 4) and ensure your flight records are synced to your DJI account if you want to keep them. Then, inside the app profile, select “Clear Cache” and, if available, “Delete All Flight Records.” This removes locally stored logs from the mobile device. Some app versions also offer a video cache setting — clear that as well.

2. Unbind the Drone from Your DJI Account
   With the drone powered on and connected, go to the app’s device management or account settings and choose “Remove Device from Account.” This step breaks the cryptographic pairing that ties the drone to your login. It also frees the drone for activation by the next owner without hitting account‑binding restrictions.

3. Address Internal Storage with DJI Assistant 2
   Download DJI Assistant 2 (Consumer Drones or Enterprise series, depending on your model) onto a computer. Connect the drone via USB, and look for a “Factory Reset” or “Data Erase” option under the firmware tab. On some models this wipes internal flight logs and any cached media that isn’t on the SD card. Run it even if you’ve already performed a reset via the app — this is a stronger, deeper housekeeping step. If a “Secure Erase” or multiple‑pass option exists, use it.

4. Format and Remove the microSD Card — Physically
   Use “SD Card Formatter” (or the DJI app’s format function) and perform a full format, not a quick format. If you are selling the drone with the card, this at least makes recovery more difficult. Better still: remove the card and keep it or destroy it, depending on your data retention needs. A new owner can buy a fresh card.

5. Check Drone Internal Memory via USB
   After formatting everything, connect the drone to a computer without an SD card inserted and browse accessible folders. If you still see media or log files, delete them, then empty the recycle bin before disconnecting.

6. Revoke Third‑Party Access
   Log in to your DJI account on a web browser and review “Authorized Devices” or “Third‑Party Apps.” Revoke any integrations that may retain flight telemetry (such as mapping software, drone‑fleet managers, or agricultural analysis platforms). This is particularly relevant if you’re trading in an agricultural or photogrammetry drone that was paired with field‑mapping services.

7. Request a Data Handling Confirmation from the Service Centre
   When you ship the drone to a refurbisher or repair shop — whether it’s Reboot Hub in China or a local facility — ask for a written statement acknowledging that any residual data found will not be accessed for purposes beyond repair and will be deleted before resale. This doesn’t eliminate risk, but it creates documented verification that both sides addressed the issue.

Comparison Table: Quick‑Format vs. Recommended Wipe Path

Table: The layers matter. No single step acts as a guarantee; the combination greatly lowers the chance that an identifiable dataset follows the drone.

If you’d rather not perform every check yourself, the Reboot Hub standard covers grading, multi‑point bench testing, and a 180‑day warranty so you can trust the hardware — while you stay in control of your data. See what we check here.

Israel’s Legal Environment and What It Means for Drone Trade‑Ins

Israel’s Protection of Privacy Law, together with regulations and guidance from the Privacy Protection Authority (PPA), sets out data‑security obligations for anyone handling personal information. When you pass a drone on — whether by trade‑in, sale, or repair shipment — you are effectively transferring a device that may contain “personal data” as defined under the law (identifiable images, location trails, property details). The PPA expects that you take reasonable measures to prevent unauthorized access.

Practically, this means:

• Data deletion should be “thorough” and appropriate to the sensitivity of the information. A real‑estate inspection drone that captured apartment interiors and license plates demands a higher cleaning bar than a unit flown only in empty fields.
• The processor (or repair centre) receiving the device should be contractually limited in how it handles any residual data.
• If a breach occurs because you sent a drone full of identifiable footage overseas without attempting to wipe it, regulators may question your data‑protection diligence.

Because laws can change and enforcement priorities shift, always check the Israeli Privacy Protection Authority’s latest publications or seek local counsel if you deal with highly sensitive footage. What we can say: the multi‑step approach described above is consistent with the “reasonable effort” principle seen across many privacy frameworks.

A Word on Other Jurisdictions Mentioned in Global Search Queries

The same core logic travels well:

• United Kingdom & GDPR: The Information Commissioner’s Office (ICO) guides controllers to erase data when no longer necessary. Wedding footage is clearly personal — full‑formatting internal storage, unbinding accounts, and physically removing media will satisfy the spirit of the “right to erasure” in most consumer trade‑in scenarios.
• Nigeria (NDPR): The Nigerian Data Protection Regulation requires appropriate technical and organizational measures to safeguard data. The step‑by‑step wipe and a request for a statement from the refurbisher are prudent before shipping a drone abroad.
• Kenya: The Data Protection Act, 2019, echoes similar principles. If an agricultural drone collected geotagged farm‑health images, treat those as personal data insofar as they can identify a land parcel owner.
• Chile and Peru: Both have laws inspired by the “protección de datos personales” model. Chilean operators sometimes ask for a “declaración de borrado de datos” when sending equipment to China for repair — a documented request that the service centre confirms data has been erased or will not be misused. Reboot Hub doesn’t offer a standalone “data deletion certificate” as a standard product, but we always encourage buyers to inquire and we can address those concerns within our communication.
• Mexico: Location metadata falls under personal data when tied to an identifiable individual. A drone sold with recoverable location trails could raise issues under the LFPDPPP, so the metadata wipe — performed by clearing flight logs and internal storage — is essential.
• Spain & fraud reporting: Some queries came from buyers who discovered un‑erased footage on a second‑hand drone purchased from China. If you find yourself on the receiving end of such a situation, and the device contains someone else’s personal data, the recommended path is to report the incident to Spain’s national cybercrime unit (Brigada de Investigación Tecnológica) or your local data protection authority. They can guide you on proper data disposal and whether the seller’s failure amounts to a violation. But as a seller, you hold the power to prevent that scenario by wiping thoroughly before shipping.

How Reboot Hub Handles the Devices It Receives

Every drone that enters Reboot Hub passes through three stations: check‑in evaluation, grading and repair, and final quality control. Our MOHRSS Level‑3 certified technicians perform chip‑level diagnostics and run a multi‑point bench test covering motor output, gimbal stability, IMU calibration, and transmission health. During these tests, the drone must power on and connect; this may expose any still‑present flight logs or media caches to the technician’s view.

We do not extract or back up user data as a standard part of the process, and our operating procedure instructs technicians to focus exclusively on hardware validation. Still, the strongest privacy posture is when a drone arrives already wiped. We support owners by providing the guidance on this page. If you ever want to discuss what happens with any device‑level data that survives your wipe, our team can answer questions during the trade‑in conversation.