SkySign Aviation Compliance

Security

Sky Sign is built with security and compliance at its core. Here's how we protect your data.

Row Level Security

Every database query is scoped to your organization. Employees can only see documents assigned to them. Administrators can only access their own org's data. This is enforced at the database level, not just the application level.

Encrypted at rest and in transit

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your documents are stored in private, access-controlled storage buckets.

Immutable audit trail

Once a document is signed, the acknowledgement record cannot be modified or deleted. We store the document hash (SHA-256), version number, timestamp, user agent, and IP address.

No third-party access

Your documents are never shared with or processed by third parties. We don't use your data for training, analytics, or any purpose other than providing the service.

Document integrity

Every document upload generates a SHA-256 hash. When an employee signs, the hash and version are recorded with their acknowledgement, ensuring tamper-proof records.

Infrastructure

Sky Sign runs on Supabase (backed by AWS) with automatic backups, point-in-time recovery, and 99.9% uptime SLA. Payment processing is handled by Stripe, a PCI DSS Level 1 certified provider.