Security & Compliance

Your Data, Protected.
Built for Aviation-Grade Trust.

AeroVectra processes sensitive aviation compliance data including AOCs, ARCs, insurance certificates, and crew credentials. Our security architecture is built from day one for enterprise operators, GDPR compliance, and EU data sovereignty — because in ACMI, trust is the contract.

GDPR Compliance

EU General Data Protection Regulation

  • All data processed and stored exclusively in the European Union
  • Right to erasure — request full deletion of your organization's data at any time
  • Data Processing Agreement (DPA) available on request for all paying customers
  • Data Protection Officer (DPO): dpo@aerovectra.com

Infrastructure & Encryption

AWS, Supabase, and Google Cloud Stack

  • Database: Supabase on AWS eu-central-1 (Frankfurt) — SOC 2 compliant infrastructure
  • AI Processing: Google Cloud europe-west1 (Belgium) — Gemini API
  • Encryption in transit: TLS 1.3 on all connections (HTTPS / WSS)
  • Encryption at rest: AES-256 for all database storage and backups
  • Backend hosted on Render (AWS us-east-1) with auto-scaling and redundancy

Availability & Access Control

99.9% Uptime SLA for Enterprise Plans

  • 99.9% uptime SLA included on Professional and Enterprise plans
  • Row-Level Security (RLS) on all data tables — organizations only see their own data
  • Role-based access control (Owner / Admin / Member) with granular permissions
  • API key authentication for programmatic access with scope limitations

Report a Vulnerability

We take security seriously.

If you discover a security issue in AeroVectra, please report it to our security team immediately. We commit to acknowledging your report within 24 hours and providing a fix timeline within 72 hours.

security@aerovectra.com