FlightLogger prioritizes cybersecurity, which is why we have chosen to outsource our infrastructure to the top cloud provider, Amazon, located at their EU data center in Ireland.
The reason for this is that Amazon maintains its data center operations with strict compliance standards and holds various certifications, such as ISO-27001.
Achieving this level of security would pose a significant challenge and incur considerable expenses for any private data center.
Here are some links to:
https://aws.amazon.com/compliance/
https://aws.amazon.com/compliance/data-center/data-centers/
FlightLogger software runs on Heroku's Common Runtime and Heroku Postgres, both of which maintain a high level of compliance under ISO certification.
Here are some links to:
https://www.heroku.com/compliance
https://www.heroku.com/policy/security
As you can see from the information provided in the links above, our service providers assure us that they promptly patch any security risks and maintain a high level of physical security around their data centers.
Both Amazon and Heroku have well-established protocols in place to uphold these standards and undergo regular audits.
It's important to note that no individuals at FlightLogger have physical access to the machines running FlightLogger. All remote access is carefully managed through specialized tools provided by Amazon and Heroku, which monitor and restrict all operational tasks.
The Document center
Access to this data store is secured with SSL, and any URLs generated by FlightLogger for documents will automatically expire after 10 seconds. Each link is unique to the user and should not be shared with others.
To obtain a generated URL from FlightLogger, users must first be authenticated as valid FlightLogger users and granted the necessary sharing rights defined in the document center.
If a user saves a document link in the document center, you have the ability to revoke access by removing the user from the "share with" list, or in extreme cases, block access to FlightLogger altogether.
Remember, security is only as strong as its weakest link, so users should exercise caution when sharing information.
-Avoid downloading documents to insecure locations or sharing them as email attachments.
- Avoid sharing an already authorized direct S3 link, as even though the link will expire, anyone with access to it will still be able to view the document.
Therefore, it is important to only share links to documents that start with https://domainname.flightlogger.net/documents. This will allow us to align with the rules set in the sharing setup.
For highly sensitive information, it is recommended to encrypt the documents before uploading them to FlightLogger. By doing so, accessing the document will require authentication, ensuring security even in the event of a stolen hard disk.
If you need further assistance, please don't hesitate to reach out to our support team by clicking on the Question Mark icon -Get support. This icon is located in the top right corner of your FlightLogger account.