Security & Trust

Flight Deck is operated by Sage Cactus Works LLC. We take the security of your veterans' and guardians' data seriously. This page outlines the measures we have in place to protect your hub's information.

Database Isolation

Every hub gets its own database. Your data is never co-mingled with other hubs, and no hub can view, query, or access another hub's information.

Encryption

In transit: All connections use TLS/SSL encryption. Every page is served over HTTPS.

At rest: Passwords are hashed using bcrypt. Sensitive configuration values are encrypted using Laravel's built-in encryption.

Access Control

• Role-based permissions: Admin, Editor, and Viewer roles ensure users only access what they need
• Session-based authentication: Secure, server-side sessions with CSRF protection on every form
• Rate limiting: Public-facing forms are rate-limited to prevent abuse
• Audit logging: All data changes are logged with user attribution and timestamps

Infrastructure

• Hosted on managed infrastructure with automatic security patching
• Daily database backups, retained for 30 days. Each hub's database is backed up independently.
• PHP 8.2+ with all security patches applied
• Dependencies monitored for known vulnerabilities

Data Ownership & Portability

Your hub's data belongs to your organization. You can export your data at any time using the tools built into the app — CSV exports from the Veterans and Guardians lists, or the Custom Report Builder for filtered subsets and saved reports.

See our Privacy Policy for full details.

Responsible Disclosure

If you discover a security vulnerability, please contact us at [email protected]. We take all reports seriously and will respond promptly.

Questions?

For security-related questions, contact [email protected].