Security
We handle airline operations and passenger data with the highest standards of security, privacy, and compliance.
Compliance & Certifications
SOC 2 Type II
We are certified under SOC 2 Type II, independently audited to verify our security controls for availability, confidentiality, and data integrity.
PCI DSS
Our payment processing infrastructure complies with PCI DSS requirements, ensuring cardholder data is handled securely across all transactions.
GDPR
We follow GDPR principles for data protection and privacy, giving passengers and airline partners control over their personal information.
Security Practices
- Encryption in transit & at rest. All data is encrypted using TLS 1.2+ in transit and AES-256 at rest.
- Access control. Role-based access with SSO and MFA enforced for all employees.
- Endpoint security. All company devices are managed via MDM with full-disk encryption, automatic updates, and endpoint monitoring.
- Infrastructure security. Cloud infrastructure hosted on leading providers with network segmentation, firewalls, and continuous monitoring.
- Secure development lifecycle. Code reviews, automated security testing, and vulnerability scanning integrated into our CI/CD pipeline.
- Incident response. Documented incident response plan with defined roles, escalation procedures, and post-incident reviews.
- Vendor management. Third-party vendors are assessed for security posture before onboarding and monitored continuously.
- Business continuity. Disaster recovery and backup procedures are tested regularly to ensure service availability.
- Employee security training. All team members complete security awareness training upon onboarding and annually thereafter.
- Background checks. Background verification conducted for all employees with access to sensitive systems and data.
Trust Center
View our real-time compliance status, request documentation, and download our security reports.
How We Handle Your Data
Transaction Data
Payment and order data are processed in PCI-compliant environments. We never store full card numbers on our servers.
Passenger Data
Personal data is processed only as required for service delivery, with strict retention policies and anonymization where possible.
Airline Partner Data
Operational data from airline partners is isolated per tenant with strict access controls and audit logging.
Security Questions?
If you have questions about our security practices or need to report a vulnerability, contact us at: [email protected]