Security & Privacy

Your data is safe with us. We use state-of-the-art security standards to protect your personal information and flight data.

End-to-End Encryption

All data transmissions are encrypted with TLS 1.3. Your data is fully protected during transmission.

Secure Authentication

Multi-factor authentication and secure session management protect your account from unauthorized access.

Data Isolation

Row-Level Security ensures that only you can access your own data.

Our Security Measures in Detail

Data Encryption

  • TLS 1.3 encryption for all data transmissions
  • Encrypted data storage in cloud infrastructure
  • Secure API communication with JWT token authentication

Access Controls

  • Row-Level Security (RLS) for strict data isolation between users
  • Role-based access control (RBAC) for administrative functions
  • Automatic session timeouts on inactivity

Infrastructure Security

  • Hosting in ISO 27001 certified data centers
  • Regular automatic backups with point-in-time recovery
  • DDoS protection and Web Application Firewall (WAF)

Application Security

  • Parameterized SQL queries to prevent SQL injection
  • Input validation and sanitization of all user inputs
  • Content Security Policy (CSP) to protect against XSS attacks

Data Protection Principles

Data Minimization

We only collect data that is necessary for operating the service.

Data Sovereignty

You retain full control over your data and can export or delete it at any time.

Transparency

We provide complete transparency about the processing of your data, in accordance with GDPR.

Purpose Limitation

Your data is used exclusively for the stated purpose.

Compliance & Standards

We comply with the following standards:

  • GDPR
  • ISO 27001
  • SOC 2 Type II
  • OWASP Security Guidelines

Regular reviews:

  • Annual security audits
  • Penetration testing
  • Code reviews
  • Vulnerability scanning

Security Incidents

In the unlikely event of a security incident:

  • Immediate notification of affected users within 72 hours
  • Transparent communication about the nature and scope of the incident
  • Immediate initiation of countermeasures
  • Complete documentation and reporting to supervisory authorities