
Security

Application

We make sure Flightcrew is secure by design, secured during development, secured with testing and review, and deployed securely.

  • Software dependencies are audited by GitHub’s Dependabot.
  • We make decisions that minimize our attack surface. Most interactions with Flightcrew are well-described in a gRPC API.
  • Flightcrew forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard, to ensure secure connections.
  • All user data is encrypted in transit and at rest.
  • All public Flightcrew APIs use TLS 1.3, the latest and safest version of the TLS protocol.
  • We perform internal code reviews using a modern, PR-based development workflow (GitHub), and we engage external penetration testing firms to assess our software security.

Corporate

We make sure all Flightcrew employees have secure access to Flightcrew company infrastructure. All exposed physical and digital channels to Flightcrew are secured.

  • Access to our services and applications is gated on an SSO Identity Provider (IdP).
  • We mandate phishing-resistant multi-factor authentication (MFA) in all enrolled IdP accounts.
  • We regularly audit access to internal systems.
  • Employee laptops are protected by full disk encryption and managed by an MDM vendor.

Network and Infrastructure

We work to ensure a hardened, minimal attack surface for components we deploy on our network.

  • Flightcrew uses a Prometheus monitoring stack for logging and metrics.
  • We conduct annual business continuity and security incident exercises.

Vulnerability Remediation

Security vulnerabilities that directly affect Flightcrew are patched or otherwise remediated within a timeframe appropriate for the severity of the vulnerability, depending on the public availability of a patch or other remediation mechanisms.

SOC 2

We have successfully completed a System and Organization Controls (SOC) 2 Type 1 audit and are currently going through our SOC 2 Type 2 audit process. Contact us at security@flightcrew.io for more details or access to the report.

PCI

Payment Card Industry Data Security Standard (PCI) is a standard that defines the security and privacy requirements for payment card processing.

Flightcrew uses Stripe to securely process transactions and trusts their commitment to best-in-class security. We do not store personal credit card information for any of our customers. Stripe is certified as “PCI Service Provider Level 1”, which is the highest level of certification in the payments industry.

Questions?

Email us! security@flightcrew.io