
Trust & Compliance
Security & Data Protection
Trust is the foundation of everything we build. Airport Online is engineered to be secure, resilient and privacy-respecting from the ground up — for the airports, travellers and communities we serve.
Our Commitment
Security and trust are non-negotiable
Airport Online serves public institutions and the travelling public, so protecting information and maintaining availability are core responsibilities — not optional extras. The platform is built to enterprise-grade standards by design, balancing strong protection with the speed and accessibility travellers expect.
Secure by design
Encrypted everywhere
Minimal data, maximum care
Security governance & compliance frameworks
Our security program is modelled on recognised international standards for information security management, including the principles set out in the ISO/IEC 27000 family. Rather than treating security as a checklist, we use these frameworks to shape how we make decisions — assessing risk, applying appropriate controls, and reviewing them as the platform and the threat landscape evolve.
Infrastructure security
Airport Online runs on leading cloud platforms — primarily Amazon Web Services and Google Cloud — whose data centres maintain extensive, independently audited security certifications. Building on this foundation lets us inherit robust physical and network protections, regional resilience and continuous monitoring that would be impractical to replicate alone, while we focus on securing the layers we control.
Application & data-layer security
At the application level, we follow secure-development practices aligned with widely adopted industry guidance, such as the OWASP recommendations for web application security. This includes input validation, protection against common web vulnerabilities, least-privilege access to data, and careful handling of any sensitive information so that protection is consistent from the database through to the browser.
Physical, operational & organizational security
Physical security of the underlying servers is handled by our cloud providers, whose facilities are protected by controls that include restricted access, surveillance and environmental safeguards. This means the hardware running Airport Online sits inside some of the most rigorously protected data centres in the world.
Operationally, we apply the principle of least privilege: people and systems receive only the access they genuinely need, and that access is reviewed over time. We keep software dependencies current, apply security updates promptly, and treat secure configuration as a standing responsibility rather than a one-time task.
Organizationally, security is a shared culture. Our team is expected to handle data responsibly, follow established practices, and raise concerns early — because the strongest technical controls still depend on the people who operate them.
Business continuity & disaster recovery
Airports and travellers rely on information being available when they need it, so resilience is a first-class concern. By building on cloud platforms designed for high availability, we benefit from redundant infrastructure that helps the service stay online through localised failures.
Our approach to continuity includes regular data backups and recovery procedures so that, in the event of a disruption, we can restore service and information with minimal impact. We design with the assumption that components can fail, and we plan for graceful recovery rather than relying on everything working perfectly all the time.
Data privacy & compliance
We believe the best way to protect data is to collect as little of it as possible. Our platform is built around minimal data collection — we gather only what is needed to deliver a useful, reliable experience, and we avoid hoarding information we do not need.
Every page is served over HTTPS through our content delivery network, so connections are encrypted in transit by default, wherever travellers are in the world. Accessibility is part of how we define a trustworthy product, too: we build to WCAG 2.1 AA and align with the ADA so the experience is inclusive as well as secure.
For full details on how we handle personal information and the technologies we use, please review our Privacy Policy and our Cookie Policy. You can also read our Accessibility Statement to learn more about our inclusive-design commitments.
Limitations & disclaimers
We are committed to strong security, and we are equally committed to being honest about its limits. No system, product or organisation can be perfectly secure, and no provider can responsibly promise absolute protection against every possible threat. What we can promise is that we take security seriously, design for it deliberately, and work to improve continuously.
This page is a good-faith summary of our security approach for informational purposes. It describes practices and standards we align with and model our work on; it is not a contractual guarantee, a warranty, or a certification, and the specifics may evolve as we strengthen the platform over time. If you have detailed security or compliance requirements, we welcome the conversation and are happy to discuss how we can support your needs.
Have a security or compliance question?
Our team is glad to discuss how Airport Online protects the airports, travellers and communities we serve.