Security & Compliance
Your Data, Protected.
Built for Aviation-Grade Trust.
AeroVectra processes sensitive aviation compliance data including AOCs, ARCs, insurance certificates, and crew credentials. Our security architecture is built from day one for enterprise operators, GDPR compliance, and EU data sovereignty — because in ACMI, trust is the contract.
GDPR Compliance
EU General Data Protection Regulation
- All data processed and stored exclusively in the European Union
- Right to erasure — request full deletion of your organization's data at any time
- Data Processing Agreement (DPA) available on request for all paying customers
- Data Protection Officer (DPO): dpo@aerovectra.com
Infrastructure & Encryption
AWS, Supabase, and Google Cloud Stack
- Database: Supabase on AWS eu-central-1 (Frankfurt) — SOC 2 compliant infrastructure
- AI Processing: Google Cloud europe-west1 (Belgium) — Gemini API
- Encryption in transit: TLS 1.3 on all connections (HTTPS / WSS)
- Encryption at rest: AES-256 for all database storage and backups
- Backend hosted on Render (AWS us-east-1) with auto-scaling and redundancy
Availability & Access Control
99.9% Uptime SLA for Enterprise Plans
- 99.9% uptime SLA included on Professional and Enterprise plans
- Row-Level Security (RLS) on all data tables — organizations only see their own data
- Role-based access control (Owner / Admin / Member) with granular permissions
- API key authentication for programmatic access with scope limitations
Report a Vulnerability
We take security seriously.
If you discover a security issue in AeroVectra, please report it to our security team immediately. We commit to acknowledging your report within 24 hours and providing a fix timeline within 72 hours.
security@aerovectra.com