Data Backup & Security Policy

Block Aero makes it a priority to take our users’ security, privacy and data integrity concerns seriously. We strive to ensure that user data is kept securely, backed up safely and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.

Block Aero uses some of the most advanced technology for Internet security that is commercially available today. In addition, blockchain technology itself is designed and conceived in a manner where data integrity is decentralized and stored in all nodes across the network. However, the nature of private, permissioned blockchain networks, such as the Block Aero platform, allows for private data to be separately maintained from what is accessible to other members of the network.

This Security Statement and backup policy is aimed at being transparent about our security and integrity infrastructure and practices, to help reassure you that your data is appropriately protected.

Data Backup and Retention

General

  • Daily Backup: Incremental backups are performed daily within each user’s account of all the off-chain data in that account. This backup forms part of the data-usage of the account.
  • Periodic Backups: Full Weekly and Monthly backups are taken of the entire Block Aero network, including on-chain private data, and these are kept on a separate secure server
  • Independent backup: We advise that you take regular backups independently and download any data that might be critical to your organization.
Accessible Data/Archive

Your Data: For an active account that is within its limits of users, instruments and data-storage, your data will continue to be made available to you without archiving or removal.

File Restoration Methods

If you need to recover data, you will need to contact Block Aero to request your data to be restored. You can contact us at support@block.aero. We will make every endeavor to have your data restored as soon as possible.

Backup Technologies
  • Off-chain data, including, but not limited to, documents, images, and some user information, is stored on either AWS S3 cloud storage or Azure Cloud storage. Production environments have their off-chain data backed up daily.
  • On-chain data, including, but not limited to, asset information, document assignments, and digital airworthiness documentation, is inherently redundant. In managed production environments, we utilize a redundant, physically distributed infrastructure plan to ensure that total loss risk is minimized.
Application and User Security
  • SSL/TLS Encryption: All user interactions with block.aero are done over a Secure Socket Layer (SSL) connection which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
  • User Authentication: User data on our network is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Block Aero issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
  • User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
  • Data Encryption: Certain sensitive user data, such as account passwords, is stored in encrypted format.
  • Data Portability: Block Aero enables you to export your data from our system in a variety of formats so that you can back it up or use it with other applications.
  • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.
Physical Security
  • Data Centers: Our primary blockchain network is hosted by AWS and IBM Cloud and is designed using the latest technology to specifically guarantee powerful performance, reliability and security.
  • Redundancy: Multiple levels of redundancy have been built in to ensure consistent high performance.
Network Security
  • Security Policies: The server is also fully compliant with the latest security policies and audit guidelines, in order to have private data stay private and protected at all times.
  • Security Monitoring: All servers are continuously monitored for potential security breaches with immediate warning to us in the event of a network security incident.
Payment System
  • Direct Payments: Block Aero offers direct, manual payments through their own administration system. These payments are covered by Block Aero’s Enterprise Blockchain Service Agreement with your organization.
Organizational & Administrative Security
  • Training: We provide technology use training for relevant employees.
  • Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.
  • Access: Access controls to sensitive data in our databases, networks, systems and environments are set on a need-to-know / least privilege necessary basis.
Software Development Practices
  • Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines. Our chain code is publicly available for audit in our Github repository.
Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no methods of electronic storage are perfectly secure. We cannot guarantee absolute security. However, if Block Aero learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under the applicable jurisdiction(s), as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing your private key information safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from bad actors. We require SSL communication to secure the transmission of data, but it is your responsibility to ensure that your systems are configured to use that feature appropriately.

Custom Requests

Due to the number of customers that use our service, specific security questions or custom security forms can only be addressed for customers purchasing a certain volume of user accounts with Block Aero. If your company has a large number of potential or existing users and is interested in exploring such arrangements, please contact your Block Aero representative.

Exclusions

For sandboxed or test server deployments, the following are excluded from the policy:
Data Backup and Retention


© 2023 Block Aero. All Rights Reserved