Security
At FlyFreely we understand that the information stored within our platform can represent significant intellectual property for our customers. As such, we take security of this information seriously, and proactively work to ensure it is secure.
Since 2022 we have been ISO27001 certified, meaning we have an annually audited Information Security Management System (ISMS). This ISMS governs our business processes to ensure the Confidentiality, Integrity, and Availability of customer and company information. This covers the development, operations, and support of the FlyFreely platform.
For more information about our ISMS please contact us.
Report a Vulnerability
If you believe you have found a security issue please submit the report to our security team via email: security@flyfreely.io
We appreciate all genuine disclosures, and will work with security researchers and professionals to resolve issues disclosed, but we do not run a bug bounty programme.
Subprocessors
FlyFreely uses third-party entities to process customer data in accordance with our terms of service. When processing customer data, we only use subprocessors who are certified to ISO27001 or SOC2, or have had a security assessment performed on them with appropriate controls put in place in accordance with our ISMS.
The following table lists the processors, and what data they store or process.
| Subprocessor | Nature and Purpose of Processing | Category of Data | Location of Service |
| Microsoft Azure | Cloud compute and storage hosting | All customer data | Melbourne Australia |
| Google Cloud Platform | Cloud compute and storage hosting | All customer data | Sydney Australia |
| Mailgun | Email relay | Emails sent from the platform to customers | United States of America |
| Hubspot | Support and marketing | Customer contact information, support chats, and support email correspondence | United States of America |
| Sentry | Crash and performance analytics | Customer usage metadata, some data and metadata related to actions being performed when an error occurs | United States of America |
| Cloudflare | Content delivery network and web application firewall | All web traffic between the customer and the service | Worldwide points of presence |
| Mixpanel | Usage analytics | Metadata about user interactions within the application | United States of America |
| Stripe | Payment processing and subscriptions | Customer address, payment, and contact information. | United States of America |
| Grafana | System logging and metrics | Basic customer identifiers and metadata may appear in logs when errors occur | Australia |
| Airservices Australia | NOTAM provision | Customer Airservices Australia passwords and search requests | Australia |
| Google Analytics | Web and application analytics | Metadata about user interactions on the website and application | United States of America |
| Usersnap | User error reporting | Images of the users screen when they report the issue, along with basic use metadata | United States of America |
| Federal Aviation Administration | LAANC Airspace Approvals | Flight plan information related to requests for LAANC approvals | United States of America |
| Wing Aviation | CASA Automatic Airspace Approvals | Flight plan information related to requests for CASA AAA approvals | Australia |
| Airshare | AirShare Airspace Approvals | Flight plan information related to requests for AirShare approvals | New Zealand |