Legal
Security Policy
Last updated: 19 May 2026
How we protect your data
Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Passwords are hashed with bcrypt, never stored in plain text.
Infrastructure
Hosted on SOC 2-certified cloud infrastructure in the EU. Automated backups every 6 hours, retained for 30 days.
Access control
Principle of least privilege across all internal systems. Two-factor authentication required for all team members with production access.
Monitoring
Real-time alerting for anomalous access patterns, failed auth attempts, and infrastructure events. 24/7 on-call rotation.
Currency calculation methodology
SkyHub calculates currency using the rolling 90-day and 12-month windows defined in FAA 14 CFR 61.57, FAR Part 117, EASA Part-FCL, and ICAO Annex 1. Every calculation references the specific regulation section — not just a generic flag.
Currency checks run client-side against your logged data. No flight data is sent to a third-party rules engine. If you log a flight offline, currency updates the moment the app syncs.
SkyHub's currency output is informational only. You remain responsible for verifying your own compliance. See Terms of Service §5 for more detail.
Data ownership
Your logbook data is yours. SkyHub does not sell, licence, or share your flight records with third parties. We do not use your data to train machine-learning models.
You can export your complete logbook at any time as a PDF or CSV from Settings → Export. If you close your account, all data is permanently deleted within 30 days.
Report a vulnerability
If you discover a security vulnerability in SkyHub, please disclose it responsibly. Email security@skyhubglobal.com with a description of the issue, steps to reproduce, and your assessment of impact.
- We acknowledge all reports within 48 hours.
- We aim to patch critical vulnerabilities within 7 days.
- We do not pursue legal action against good-faith researchers.
- We credit researchers in our changelog (unless you prefer anonymity).