Protecting pilot training data and platform integrity — a comprehensive overview of the security measures that keep your JetGuide experience safe, private, and trustworthy.
Every byte of your training data — in transit and at rest — is protected by industry-leading encryption standards.
TLS 1.2 / TLS 1.3
All data transmitted between your browser and JetGuide servers is encrypted in transit using the latest TLS protocols.
AES-256 at Rest
Account profiles, training records, AI interaction logs, and SMS history are all encrypted at rest using AES-256.
Encrypted Backups
Database backups are encrypted and stored in geographically redundant locations for resilience and disaster recovery.
bcrypt Password Hashing
Passwords are never stored in plain text. We use bcrypt hashing with unique per-user salts for maximum credential security.
Infrastructure Security
JetGuide's platform is built on enterprise-grade cloud infrastructure with rigorous isolation, monitoring, and patch management practices.
SOC 2 Type II Certified
Our infrastructure is hosted on enterprise-grade cloud services holding SOC 2 Type II certification — the gold standard for security, availability, and confidentiality controls.
Environment Isolation
Production environments are fully isolated from development and staging environments, preventing cross-contamination of live data.
Network Access Controls
Network access is restricted by firewall rules and security groups. No direct database access is exposed to the public internet.
Vulnerability Management
Regular automated vulnerability scans and dependency audits run continuously. Critical security patches are applied within 72 hours — ensuring rapid response to emerging threats.
Authentication & Access Control
Access to JetGuide systems is governed by layered controls — from multi-factor authentication to role-based permissions and enterprise SSO.
1. Multi-Factor Authentication
MFA is available for all user accounts and is required for all administrator accounts — adding a critical second layer of protection beyond your password.
2. Session Management
Session tokens expire after inactivity and are immediately invalidated on logout, preventing unauthorized session reuse.
3. Role-Based Access Control
RBAC limits employee and contractor access to only the data required for their specific function — enforcing least-privilege principles.
4. Admin Audit Logging
All administrative access to production systems is logged and monitored, creating a complete audit trail for accountability.
5. Enterprise SSO via SAML 2.0
Enterprise and Part 141/142 customers can enable Single Sign-On via SAML 2.0, integrating JetGuide with your existing identity provider.
Application Security
JetGuide is built following industry best practices to defend against the most common and critical web application vulnerabilities.
OWASP Top 10 Compliance
Built following OWASP Top 10 guidelines to systematically mitigate the most critical web application security risks.
Input Validation & Output Encoding
Applied throughout the platform to prevent injection attacks and data manipulation.
Content Security Policy (CSP)
CSP headers are enforced across the platform to mitigate cross-site scripting (XSS) risks and unauthorized script execution.
Rate Limiting
Applied to authentication endpoints to prevent brute-force attacks and credential stuffing attempts.
Dependency Management
Third-party dependencies are regularly reviewed and updated to eliminate known vulnerabilities in the software supply chain.
AI & Training Data
Your training interactions power a personalized learning experience — and we are committed to using that data responsibly, transparently, and only for your benefit.
Used Only for Your Training
Training responses, quiz results, and AI coaching interactions are used solely to personalize your experience and improve platform performance.
No Third-Party AI Training
Training data is not shared with third-party AI providers for model training purposes without your explicit consent.
No Access to Operational Data
Our AI systems do not have access to flight operational data, FOQA data, or any safety-sensitive airline systems.
Aggregated Analytics
De-identified, aggregated training analytics may be used to improve learning outcome models — never tied to individual identities.
SMS Security
JetGuide's daily SMS oral exam questions are delivered through a secure, compliant messaging infrastructure — with your privacy and control always front of mind.
A2P 10DLC Compliant
Daily SMS questions and AI replies are transmitted via Twilio's A2P 10DLC compliant messaging infrastructure, meeting all carrier registration requirements.
Encrypted in Transit
All SMS message content is encrypted in transit per carrier and platform standards, protecting your messages from interception.
AES-256 Storage
SMS interaction history is stored with the same AES-256 encryption standards applied to all other training data on the platform.
Easy Opt-Out
Users may opt out of SMS messages at any time by replying STOP to any JetGuide message. We will never send unsolicited SMS or share your phone number for marketing.
Incident Response
In the event of a security incident affecting user data, JetGuide follows a structured, time-bound response process to protect users and restore trust.
JetGuide is committed to transparency. Affected users will be notified within 72 hours of a confirmed incident, as required by applicable regulations.
To report a suspected security vulnerability, contact security@jetguide.com. We ask that you practice responsible disclosure and allow us time to investigate and remediate before any public disclosure.
Compliance & Certifications
JetGuide's security and data practices are designed to meet rigorous regulatory and industry standards across payment processing, privacy, and messaging.
PCI-DSS
Payment data is processed through a PCI-DSS compliant payment processor. JetGuide does not store raw card data.
CCPA
Our data practices are designed to comply with the California Consumer Privacy Act (CCPA) and applicable data protection regulations.
CTIA / A2P 10DLC
SMS messaging infrastructure complies with CTIA guidelines and A2P 10DLC carrier registration requirements.
DPA / BAA
Enterprise customers requiring a Data Processing Agreement (DPA) or Business Associate Agreement (BAA) may contact legal@jetguide.com.
User Responsibilities & Contact
Security is a shared responsibility. Here's what you can do to keep your JetGuide account and training data secure.
Your Security Checklist
Use a strong, unique password — never reuse passwords from other services.
Enable multi-factor authentication for an extra layer of protection.
Never share your credentials with other pilots, instructors, or administrators.
Report suspicious emails to security@jetguide.com. We will never ask for your password via email or SMS.
Log out on shared devices after every session.
Contact the Security Team
JetGuide, Inc.
Attn: Security Team
4241 N Winfield Scott Plaza, #201
Scottsdale, AZ 85251