Sell Your Aircraft Get Financing Market Reports Find Dealers
CompAeros ← Services

Security

Security at CompAeros.

How we handle authentication, data, and responsible disclosure.

Architecture

CompAeros runs on Cloudflare Pages with D1 (database), R2 (object storage), and Workers (background jobs). All traffic is HTTPS-only with HSTS preload and a strict Content-Security-Policy.

Authentication

Auth.js with Google OAuth and email-password fallback. Sessions are stored server-side in D1; CSRF tokens are HMAC-derived and validated on every state-mutating request.

Data handling

Personally identifiable information is minimised. Onboarding fields and deal-room metadata live in D1 with row-level scoping by user. Document uploads are stored in R2 with signed-key retrieval.

Responsible disclosure

If you believe you have found a security issue, please email [email protected]. We acknowledge reports within 72 hours.

Secure access

Continue to CompAeros

Auth.js protects the workspace with Google OAuth and D1-backed sessions. First-time users continue into the onboarding flow.

Continue with Google

Sessions are stored securely in Cloudflare D1.

Welcome to CompAeros!

You're all set. Tell us about your mission to get personalised aircraft recommendations tailored to your budget, range, and runway requirements.

Set Up My Mission Profile

Before you go

Get the 2026 Pre-Owned Light Jet Buyer Guide.

A 24-page mission-fit, total-cost, and engine-program field guide. The same one we walk new buyers through. Free, no calls.

We'll only email about CompAeros — unsubscribe one click.