Security & Trust

We take security seriously. Learn about our security measures, compliance standards, and best practices for using our API safely.

Security Features

End-to-End Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

API Key Authentication

Secure API key-based authentication with rate limiting and usage monitoring.

Infrastructure Security

Hosted on secure cloud infrastructure with regular security updates and monitoring.

Access Controls

Strict access controls and audit logging for all system operations.

Data Protection

What We Protect

  • • API keys and authentication tokens
  • • User account information
  • • Flight search queries and results
  • • Payment and billing data
  • • Usage analytics and logs

How We Protect It

  • • Encryption in transit and at rest
  • • Regular security audits and testing
  • • Minimal data retention policies
  • • Secure backup and recovery procedures
  • • 24/7 security monitoring

Security Best Practices

Follow these recommendations to ensure secure integration with our API:

Keep your API keys confidential and rotate them regularly

Use environment variables to store API keys, never hardcode them

Implement rate limiting on your end to prevent abuse

Monitor your API usage for unusual patterns

Use HTTPS for all API requests

Validate and sanitize all input data

Compliance & Certifications

SOC 2 Type II

In Progress

Security, availability, and confidentiality audit

ISO 27001

Planned

Information security management system

GDPR Compliant

Compliant

Data protection and privacy regulation compliance

Incident Response

Our Commitment

In the event of a security incident, we will:

  • • Respond within 24 hours
  • • Investigate and contain the issue
  • • Notify affected users promptly
  • • Provide regular updates
  • • Implement preventive measures

Report Security Issues

Found a security vulnerability? We appreciate responsible disclosure.

Email: security@flyto.dev
PGP Key: Available on request
Response Time: Within 24 hours

Stay Informed

Subscribe to our security announcements to receive important updates about security patches, maintenance windows, and best practices.