SOC 2 Type II
Aerotime is SOC 2 Type II certified. Our infrastructure and payments partners all meet or exceed these strict requirements. View SOC 2 Trust Report
Security Program Highlights
Data Security
Aerotime encrypts data at rest and in transit for all customers. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
Application Security
Aerotime uses high-quality static analysis tooling provided by GitHub Advanced Security such as Dependabot and AWS Codeguru to secure our product at every step of the development process.
Infrastructure Security
Aerotime uses Amazon Web Services to host our application. We fully use the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector.
In addition, we deploy our application using containers run on AWS-managed services, meaning we typically do not manage servers or EC2 instances in production.
Bug Bounty Program
If you have found a security vulnerability or abuse risk-related issue in Aerotime and want to report it to us, please email our team at security@aerotime.com
. We encourage security researchers to participate in our bug bounty program, which is meant for security researchers to responsibly find, disclose, and help us resolve security vulnerabilities.
Our program is straightforward and consists of a simple set of rules that help protect both our company and those who find bugs and security vulnerabilities. To participate, please send a short introduction to security@aerotime.com
.
Out-of-Scope Vulnerabilities
When reporting vulnerabilities, please consider
(1) attack scenario/exploitability, and
(2) security impact of the bug. The following issues are generally considered out of scope:
Brute force attacks
Denial of Service attacks
Reports from scanners and automated tools (mainly because they are often not actionable)
Submission Template
## Summary: [add summary of the vulnerability]
## Steps To Reproduce: [add details for how we can reproduce the issue]
1. [add step]
1. [add step]
1. [add step]
## Supporting Material/References: [list any additional material (e.g. screenshots, logs, etc.)]
* [attachment / reference]
## Impact [overview of the impact in terms of what systems were involved in the bug]