Security & Trust

Flight Deck is operated by Sage Cactus Works LLC. We take the security of your veterans' and guardians' data seriously. This page outlines the measures we have in place to protect your hub's information.

Cyber Liability Insurance

Sage Cactus Works LLC maintains an active cyber liability insurance policy. This coverage protects against data breaches, cyber incidents, and related liabilities.

Proof of insurance is available upon request. Contact [email protected] for a copy of our certificate of insurance.

Database Isolation

Every hub receives its own isolated database. Your data is never co-mingled with other hubs. No hub can view, query, or access another hub's information.

Encryption

In transit: All connections use TLS/SSL encryption. Every page is served over HTTPS.

At rest: Passwords are hashed using bcrypt. Sensitive configuration values are encrypted using Laravel's built-in encryption.

Access Control

• Role-based permissions: Admin, Editor, and Viewer roles ensure users only access what they need
• Session-based authentication: Secure, server-side sessions with CSRF protection on every form
• Rate limiting: Public-facing forms are rate-limited to prevent abuse
• Audit logging: All data changes are logged with user attribution and timestamps

Infrastructure

• Hosted on managed infrastructure with automatic security patching
• Regular database backups
• PHP 8.2+ with all security patches applied
• Dependencies monitored for known vulnerabilities

Data Ownership & Portability

Your hub's data belongs to your organization. You can export all veteran and guardian records as CSV files at any time. See our Privacy Policy for full details.

Responsible Disclosure

If you discover a security vulnerability, please contact us at [email protected]. We take all reports seriously and will respond promptly.

Questions?

For security-related questions or to request proof of insurance, contact [email protected].