WrightAviation Intelligence

Security Policy

Effective date: April 1, 2025

1. Our Commitment

Wright Aviation Intelligence takes the security of our platform and the data entrusted to us seriously. We continuously work to identify, assess, and mitigate security risks to ensure the confidentiality, integrity, and availability of our Service and your information.

2. Data Transmission Security

All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). We enforce HTTPS across the entire platform and do not permit unencrypted HTTP connections to the Service.

3. Authentication and Access Control

  • User passwords are stored using industry-standard one-way cryptographic hashing; we never store plaintext passwords.
  • Session tokens are securely generated and expire after a period of inactivity.
  • Access to administrative functions is restricted to authorised personnel only, using role-based access controls.
  • We encourage users to choose strong, unique passwords for their accounts.

4. Infrastructure Security

Our infrastructure is hosted on reputable cloud providers that maintain their own comprehensive security certifications and controls. Access to production systems is limited to authorised team members and is protected by multi-factor authentication and network-level restrictions.

5. Data Integrity and Availability

Aeronautical data is sourced from official feeds and processed through automated pipelines with integrity validation. We maintain regular backups of critical data and have procedures in place to restore service in the event of an incident.

6. Third-Party Security

We evaluate the security posture of third-party services integrated into the platform (e.g., Mapbox for map rendering). However, we are not responsible for the security practices of external providers.

7. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to us privately before public disclosure so we have the opportunity to investigate and address it.

When reporting, please include:

  • A clear description of the vulnerability and its potential impact.
  • Steps to reproduce the issue or a proof-of-concept (if applicable).
  • Any relevant screenshots, logs, or request/response details.

We will acknowledge your report within 5 business days and aim to resolve confirmed vulnerabilities in a timely manner.

8. Incident Response

In the event of a security incident that affects user data, we will investigate promptly, contain the impact, and notify affected users as required by applicable law.

9. Contact

To report a security vulnerability or for any security-related questions, contact us at snellcssas@gmail.com. Please use "Security Report" as the subject line.