Flyers Up LLC — Data Security Policy

This Data Security Policy describes the security practices Flyers Up LLC ("Flyers Up," "we," or "us") employs to protect user data. This policy is intended to provide transparency regarding our security standards. It is incorporated by reference into our Privacy Policy.

Section 1 — Encryption

We use industry-standard encryption to protect data in transit and at rest. All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Sensitive data stored in our databases is encrypted at rest. We use encryption standards consistent with industry best practices for technology platforms.

Section 2 — Secure Payments

Payment processing is handled by Stripe, a PCI-DSS compliant payment processor. We do not store full credit card numbers on our servers. Card data is transmitted directly to Stripe and is subject to Stripe's security controls. Payouts to Pros are processed through Stripe Connect, which maintains its own security standards.

Section 3 — Authentication

User authentication is managed through secure authentication providers. We use industry-standard practices for password hashing and session management. We encourage users to use strong passwords and to enable two-factor authentication where available. Account credentials are protected and are not shared with third parties except as necessary to operate the Platform.

Section 4 — Access Controls

We implement access controls to limit access to user data to authorized personnel who need such access to perform their job functions. Access is granted on a least-privilege basis. We use role-based access controls and audit logging where appropriate.

Section 5 — Infrastructure Security

Our Platform is hosted on infrastructure operated by reputable cloud providers that maintain robust physical and logical security controls. We rely on our hosting and database providers for infrastructure security, including network security, intrusion detection, and physical security of data centers.

Section 6 — Monitoring and Incident Response

We monitor our systems for suspicious activity and security incidents. In the event of a data breach or security incident that affects user data, we will notify affected users and relevant authorities as required by applicable law. Our incident response procedures include containment, investigation, remediation, and post-incident review.

Section 7 — Third-Party Security

We use third-party services for payment processing, authentication, hosting, and analytics. We select vendors that maintain appropriate security standards. However, we do not control the security practices of third parties and are not responsible for their security. Our Privacy Policy describes the third-party services we use.

Section 8 — User Responsibilities

Users are responsible for maintaining the confidentiality of their account credentials and for all activity occurring under their account. Users should not share passwords, enable two-factor authentication where available, and report suspected unauthorized access promptly.

Section 9 — No Guarantee

While we implement reasonable security measures, no system is 100% secure. We cannot guarantee that our security measures will prevent all unauthorized access, use, or disclosure. We will continue to evaluate and improve our security practices.

Section 10 — Contact

To report a security concern: Flyers Up LLC — support@flyersup.app