Security & access
Access controls that aren't optional.
Security in this platform is enforced at the data layer, not at the UI. Roles, company scope, and owner scope all live in the database — the surfaces above just reflect them.
Role-based access
Platform admin, company admin, ops, sales, client, and owner each get a tailored view of the system.
Company isolation
Multi-company by design. A staff member at one operator cannot see another operator's data.
Owner-scoped data
Owners only see aircraft they have ownership records for, and only owner-visible account entries.
Client vs internal
Documents, notes, and account postings can be marked internal and stay internal.
Server-side controls
Sensitive operations run server-side with explicit authorization checks.
Encrypted integrations
Integration credentials (e.g. QuickBooks tokens) are encrypted server-side and never exposed to the browser.
What we're not claiming
Honest limits.
We do not claim certifications we have not earned. We do not claim to be a compliance system. Where access controls or storage have specific boundaries, we describe them plainly during procurement.