SECURITY & TRUST

How we secure your account and your data.

PlanesChat is built for working pilots — people who already live by a checklist. We hold our infrastructure to the same standard. This page is the plain-English version of how we protect your account, your messages, and your operational data.

Identity

Every PlanesChat account is tied to a real FAA airman record. Verification is matched against the official FAA Airman Inquiry by legal name and certificate type. Accounts without a verified match never appear in directory results.

Data in transit and at rest

TLS 1.3

All client ↔ server traffic uses TLS 1.3, enforced by Firebase Hosting together with HSTS.

Encryption at rest

Firestore and Cloud Storage encrypt data at rest using Google-managed keys (AES-256).

HSTS preload

2-year HSTS max-age with includeSubDomains and preload — no downgrade attack window.

CSP & security headers

Strict Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy on every response.
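The headers listed above are easy to state and easy to regress. The following is an added example (not PlanesChat's code) of the check a reviewer would run against a response: it parses the Strict-Transport-Security value and confirms the other headers are present with safe values. The sample header sets are constructed for illustration, and "2 years" is taken to mean a max-age of 63072000 seconds, which is an assumption.

```javascript
// Added example: audit a response's security headers against the policy
// described on this page. Not PlanesChat's code; the sample headers below
// are constructed for illustration.
const TWO_YEARS_SECONDS = 2 * 365 * 24 * 60 * 60; // 63072000 (assumed reading of "2-year")

// Parse a Strict-Transport-Security value into its directives.
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const d = raw.trim().toLowerCase();
    if (d.startsWith('max-age=')) out.maxAge = Number.parseInt(d.slice(8), 10);
    else if (d === 'includesubdomains') out.includeSubDomains = true;
    else if (d === 'preload') out.preload = true;
  }
  return out;
}

// Return a list of findings; an empty list means the response passes the policy.
function auditSecurityHeaders(headers) {
  // Header names are case-insensitive, so normalise them once.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const findings = [];

  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('missing Strict-Transport-Security');
  } else {
    const p = parseHsts(hsts);
    if (p.maxAge === null || Number.isNaN(p.maxAge)) findings.push('HSTS max-age missing');
    else if (p.maxAge < TWO_YEARS_SECONDS) findings.push(`HSTS max-age ${p.maxAge} below 2 years`);
    if (!p.includeSubDomains) findings.push('HSTS lacks includeSubDomains');
    if (!p.preload) findings.push('HSTS lacks preload');
  }

  const csp = h['content-security-policy'];
  if (!csp) {
    findings.push('missing Content-Security-Policy');
  } else {
    // A CSP with no default-src, or one that allows inline scripts, is not "strict".
    const directives = csp.split(';').map(s => s.trim().toLowerCase());
    if (!directives.some(d => d.startsWith('default-src'))) findings.push('CSP has no default-src');
    if (directives.some(d => d.startsWith('script-src') && d.includes("'unsafe-inline'")))
      findings.push("CSP script-src allows 'unsafe-inline'");
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (!['DENY', 'SAMEORIGIN'].includes(xfo)) findings.push('X-Frame-Options not DENY/SAMEORIGIN');
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff')
    findings.push('X-Content-Type-Options not nosniff');
  if (!h['referrer-policy']) findings.push('missing Referrer-Policy');
  return findings;
}

// Constructed sample: a response that matches the policy stated on this page.
const GOOD_HEADERS = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
};

// Constructed sample: a weaker configuration that should produce findings.
const WEAK_HEADERS = {
  'Strict-Transport-Security': 'max-age=86400',
  'Content-Security-Policy': "script-src 'self' 'unsafe-inline'",
  'X-Content-Type-Options': 'nosniff',
};

console.log('good:', auditSecurityHeaders(GOOD_HEADERS));
console.log('weak:', auditSecurityHeaders(WEAK_HEADERS));
```

In practice the `headers` object would come from a fetch of the production origin (for example `Object.fromEntries(response.headers)`), and the check would run in CI so that a deploy which drops `preload` or loosens the CSP fails before it ships.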

Access control

Every read and write is enforced server-side by Firestore Security Rules — not by the client. A user cannot escalate privileges by editing JavaScript in their browser.

App Check

Production traffic is protected by Firebase App Check (reCAPTCHA v3) so requests from headless browsers, automated scripts, and unverified clients are rejected at the Firebase edge — before they ever reach Firestore or Storage.

Authentication

Messaging

Group and direct messages are stored encrypted at rest. Message bodies are size-validated server-side (10 KB hard cap) and rate-limited via Cloud Functions to prevent abuse. Deletion removes the document and prevents further retrieval; copies held in operational backups roll off according to the standard Firebase retention window.
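To make the size cap and rate limit concrete, here is an added example of how those two server-side checks can be implemented in a callable Cloud Function handler. It is not PlanesChat's code: the one-minute window, the 30-messages-per-window limit, the in-memory store and the `handleSendMessage` shape are all assumptions. Only the 10 KB cap comes from the page; the status strings reuse Firebase's `HttpsError` codes (`unauthenticated`, `invalid-argument`, `resource-exhausted`). The cap is measured in UTF-8 bytes rather than string length, which is the edge case a length-only check gets wrong.

```javascript
// Added example: server-side message checks modelled on the policy described
// on this page (10 KB hard cap plus per-user rate limiting). Not PlanesChat's
// code; the window, limit and in-memory store are assumptions for illustration.
const MAX_BODY_BYTES = 10 * 1024;   // "10 KB hard cap", measured in UTF-8 bytes
const RATE_WINDOW_MS = 60 * 1000;   // assumed: one-minute sliding window
const RATE_MAX_MESSAGES = 30;       // assumed: at most 30 messages per window

// Validate a message body. The cap applies to the encoded byte length, not
// the JavaScript string length: 4,000 four-byte emoji have a .length of 8,000
// but occupy 16,000 bytes and must be rejected.
function validateMessageBody(body) {
  if (typeof body !== 'string') return { ok: false, reason: 'body must be a string' };
  if (body.trim().length === 0) return { ok: false, reason: 'body is empty' };
  const bytes = Buffer.byteLength(body, 'utf8');
  if (bytes > MAX_BODY_BYTES) {
    return { ok: false, reason: `body is ${bytes} bytes, cap is ${MAX_BODY_BYTES}` };
  }
  return { ok: true, bytes };
}

// Sliding-window rate limiter keyed by the authenticated uid. In a real Cloud
// Function the timestamps would be kept in Firestore or a cache rather than
// process memory (function instances are ephemeral); the algorithm is the same.
class SlidingWindowLimiter {
  constructor(maxEvents = RATE_MAX_MESSAGES, windowMs = RATE_WINDOW_MS) {
    this.maxEvents = maxEvents;
    this.windowMs = windowMs;
    this.events = new Map(); // uid -> array of timestamps (ms)
  }

  // Returns true and records the event if allowed, false if throttled.
  allow(uid, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.events.get(uid) || []).filter(t => t > cutoff);
    if (recent.length >= this.maxEvents) {
      this.events.set(uid, recent);
      return false;
    }
    recent.push(now);
    this.events.set(uid, recent);
    return true;
  }
}

// What a callable Cloud Function handler would do with a request: reject
// unauthenticated callers, then apply the size check and the rate limit in order.
// `auth` and `data` mirror the shape of a callable request (assumed here).
function handleSendMessage(limiter, auth, data, now = Date.now()) {
  if (!auth || !auth.uid) return { status: 'unauthenticated' };
  const check = validateMessageBody(data && data.body);
  if (!check.ok) return { status: 'invalid-argument', reason: check.reason };
  if (!limiter.allow(auth.uid, now)) return { status: 'resource-exhausted' };
  return { status: 'ok', bytes: check.bytes };
}

// Constructed usage: one authenticated user, one oversized body, one flood.
const limiter = new SlidingWindowLimiter();
console.log(handleSendMessage(limiter, { uid: 'pilot-1' }, { body: 'Wheels up 0700Z' }));
console.log(handleSendMessage(limiter, { uid: 'pilot-1' }, { body: 'x'.repeat(MAX_BODY_BYTES + 1) }));
for (let i = 0; i < RATE_MAX_MESSAGES; i++) limiter.allow('pilot-2', 0);
console.log(handleSendMessage(limiter, { uid: 'pilot-2' }, { body: 'one more' }, 1));
```

Ordering matters: the size check runs before the limiter so an oversized body is rejected without consuming the caller's quota, and the byte-length check means a client cannot slip past the cap with multi-byte characters.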

Payments

PlanesChat does not store payment card data. Subscription billing is handled by Stripe; we receive only the customer ID and subscription status webhook events.

Dependencies

Production dependencies are scanned continuously via npm audit. Critical and high-severity vulnerabilities are patched within 48 hours of disclosure. The current production dependency tree reports zero known vulnerabilities.

Privacy & data subject rights

Account holders can export or delete their data from the Settings page. Deletion removes the user document, hangar profile, marketplace listings, and DM threads. Group messages authored by the user are anonymized (sender name replaced with "Deleted Pilot") to preserve thread continuity for other members. See the Privacy Policy for full details.

Responsible disclosure

If you believe you have found a security issue, we want to hear from you before you publish. Please email security@planeschat.com with a description and reproduction steps. We aim to acknowledge within 48 hours and to triage within 5 business days. We commit not to pursue legal action against researchers who follow this process in good faith.

We do not currently run a paid bug bounty, but we publicly credit reporters in our changelog with their permission.

Security contact

Vulnerability reports: security@planeschat.com

General questions: support@planeschat.com