Flylogs' commitment to GDPR compliance

At Flylogs, our mission is to help you manage your data, and we believe the protection of our customers' and their end users' data is fundamental to this mission.

Even before Europe’s watershed General Data Protection Regulation (GDPR) went into effect in 2018, Flylogs was focused on how we could improve privacy. We’ve built a product to expand and improve privacy online for aircraft operators, and we minimize our collection of personal data and only use personal data for the purpose for which it was collected. Since our founding, we have committed that we would keep personal information private, so we have never sold or rented our users’ personal information to anyone.

On a practical level, GDPR was a codification of many of the steps we were already taking: only collect the personal data you need to provide the service you’re offering; don’t sell personal information; give people the ability to access, correct, or delete their personal information; and, consistent with our role as a data processor, give our customers control over the information that, for example, is cached on our content delivery network (CDN), stored in our databases, or captured by our web application firewall (WAF).

Information about the personal data Flylogs collects, how we use and disclose that information, data subject rights (including how to contact Flylogs to exercise those rights), and international data transfers can be found in our Privacy Policy.

NIS2 Directive for Enhanced Cybersecurity

At Flylogs S.L., we take cybersecurity seriously. Although company specifications do not require us to comply with the NIS2 Directive (Network and Information Systems Directive), we have gone beyond the legal requirements to ensure the security of our operations. Here’s a summary of the key steps we’ve implemented:

  • Risk Assessment: We conducted a complete assessment to identify vulnerabilities and prioritize critical systems.
  • Cybersecurity Governance: We established a governance framework with a dedicated cybersecurity team and clear policies.
  • Technical Safeguards: Our systems are protected with proven security measures like encryption, regular software patching and intrusion detection.
  • Supply Chain Security: We ensured our suppliers meet the same high cybersecurity standards before selecting them.
  • Incident Response Plan: We implemented an incident response plan with 24-hour reporting capabilities, in line with NIS2 requirements.
  • Continuous Monitoring: Our systems are continuously monitored, and regular audits are conducted to identify vulnerabilities.
  • Employee Training: Ongoing cybersecurity training ensures all employees are aware of current threats and best practices.
  • National Compliance: We comply with national cybersecurity regulations and ensure our practices go above regulatory requirements.