Security Policy

Portside is a software-as-a-service (SaaS) application that stores, analyzes and manages operational and financial data for our private aviation customers. We take all reasonable steps to protect information we receive from our users from loss, misuse or unauthorized access, disclosure, alteration and/or destruction. We’ve put in place a number of physical, electronic and managerial procedures to safeguard and secure our users’ information.

Portside does not store credit card information

Our system integrates with Stripe, which is a PCI compliant payment processor. When entering credit card information, a request is made directly to Stripe using SSL. No credit card data is retained or stored on our servers.

Access to all Portside servers is secure

  • Firewalls on all servers are set to default-deny.
  • Database connections are only accepted from other Portside servers on the internal private subnet.
  • All communication with servers (outside of public HTTPS access) is over encrypted secure shell (SSH) and password authentication is disabled. SSH authentication is available only via public/private key authentication.
  • All of Portside’s servers are hosted on Amazon Web Services (AWS). Amazon runs secure, world-class data centers, which are certified for ISO 27001, PCI-DSS Level 1, and SOC 1/SSAE-16.

Portside servers and software are running the latest versions of software and security patches

We strive to keep all server software on the latest version; however, when that is not possible, we do ensure, on a weekly basis, that the latest security patches are installed and up-to-date.

Portside is written to protect against SQL injection attacks

Portside is built on the Python / Django framework and uses all the built-in protections for sanitizing query parameters in SQL statements.

Data is stored securely

Data is hosted on Amazon EC2 and Amazon RDS with encryption enabled.

Access to Portside is secure

All access to Portside is over a secure (SSL encrypted) connection.

Access is logged

All account activity is logged and is available in the “Audit Log” maintained for each account in the system.

Employee security

All employees are required to sign a confidentiality agreement. Each employee is given a separate login to the system and all page requests are logged and backed up.

Backup policy

Backups are stored offsite and are encrypted. Amazon Web Services performs automatic daily database backups and stores the last 30 backed-up database instances. In addition, Portside performs weekly and monthly backups of the entire system. These backups are made to Amazon S3, which stores data in multiple facilities and on multiple devices within each facility. Amazon S3 performs regular, systematic data integrity checks.

PII and cookies

Information about what we collect is outlined in our privacy policy.

Cookies are required for normal operation of Portside; however, no PII is stored in any of the cookies that Portside uses.