Security

Colony Core applies practical security controls during beta and uses conservative wording so teams know what is available today versus what still requires review.

Contact Us

Security practices

Encryption

  • In transit: Encrypted over HTTPS/TLS.
  • At rest: Encryption where supported by our infrastructure and storage providers.

Infrastructure

  • Network controls: Segmentation and firewalling where supported by the hosting environment.
  • Access controls: Least-privilege access for administrative systems.
  • Hardening: Regular dependency and platform updates.

Backups & Recovery

  • Backups: Designed to support recovery from mistakes or outages.
  • Recovery: Recovery objectives depend on the underlying infrastructure and incident type.

Monitoring & Logging

  • Monitoring: Service health and error monitoring.
  • Logging: Operational logs for troubleshooting and security review.
  • Incident response: We investigate and remediate issues as quickly as possible.

Compliance & Regulations

Privacy rights

We aim to support common privacy expectations (access, deletion, and data handling requests) and will work with customers on reasonable requests.

Data processing agreements

If you need a DPA, subprocessor details, or a security questionnaire, contact support and we will provide what we can.

Certifications

We do not claim certifications on this page unless we can provide supporting documentation.

Regulated use cases

If you have regulated requirements, contact us so we can confirm fit before you rely on Colony Core for a specific compliance program.

Data minimization

We aim to collect and retain only what is needed to provide and improve the service.

Transparency

We keep this page intentionally conservative to avoid promises we cannot operationalize.

Data Ownership & Control

Your Data is Yours

Colony Core is a custodian of your data. You retain ownership and control.

  • We support data export in standard formats where available.
  • We do not sell your data.
  • Deletion requests are handled according to our policies and legal obligations.

Privacy & Tracking

See our Privacy Policy for details on data handling and tracking.

Subprocessor List

We use third-party providers to deliver the service (for example, hosting, email, analytics). If you need a current subprocessor list, contact support. Core providers are also referenced in our Privacy Policy and Integrations page.

Security FAQ

What data do you store?

We store the operational data you enter (jobs, flight logs, equipment, invoices), account details, and limited usage and security logs needed to operate the service.

How is tenant data separated?

Data is scoped by account and access controls are enforced in the application. We limit staff access to authorized support and maintenance needs.

Do you use analytics?

We use website analytics (Google Analytics 4) with a consent banner. In-product telemetry is limited to service performance, reliability, and security monitoring.

Can I export or delete data?

We support data export in standard formats where available. Deletion requests are handled per our policies and legal obligations.

Do you offer a DPA or security questionnaire?

Contact support and we will confirm what security documentation is currently available for your review.

Availability

We aim for reliable uptime, but the service may be interrupted at times. Terms of Service governs any availability commitments.

Security Questions?

If you need a DPA, security questionnaire, or have security/privacy questions, contact support.

Contact support