Security

At MKII Aerospace, security is not an afterthought—it's built into everything we do. From our aerospace systems to our digital infrastructure, we implement industry-leading security practices to protect our technology, data, and stakeholders.

Last Updated: January 23, 2026

Our Security Commitment

Security is fundamental to aerospace innovation. We are committed to maintaining the highest standards of security across all operations, ensuring the safety of our systems, protection of sensitive data, and trust of our partners.

Technical Security Measures

Infrastructure Security

• HTTPS encryption for all web traffic with TLS 1.3
• Content Security Policy (CSP) headers to prevent XSS attacks
• HTTPS-only cookie configuration for secure session management
• Rate limiting to protect against brute force and DDoS attacks
• Regular security patches and dependency updates

Application Security

• Input validation and sanitization using type-safe schemas
• Server-side request validation and authentication
• Protection against SQL injection, XSS, and CSRF attacks
• Secure API endpoints with proper authorization checks
• Environment variable protection for sensitive credentials

Data Security

• Encryption at rest and in transit for all sensitive data
• Secure credential storage with industry-standard hashing
• Regular automated backups with encrypted storage
• Data minimization principles—we only collect what we need
• Secure deletion protocols for data removal requests

Authentication & Access Control

We use enterprise-grade authentication systems to protect access to our platforms:

• Multi-Factor Authentication (MFA): Required for all employee and partner accounts
• OAuth 2.0 Integration: Secure third-party authentication with trusted providers
• Session Management: Secure session tokens with automatic expiration
• Role-Based Access Control (RBAC): Granular permissions based on user roles
• Domain Restrictions: Access limited to authorized domains and users

Monitoring & Incident Response

Our security operations center provides 24/7 monitoring and rapid incident response:

Physical Security

Our facilities implement comprehensive physical security measures:

• Restricted access to facilities with biometric authentication
• 24/7 security monitoring and surveillance systems
• Secure storage for sensitive hardware and prototypes
• Visitor management and escort protocols
• Environmental controls to protect critical equipment

Employee Security Training

Our team members are our first line of defense. We provide comprehensive security training:

• Security awareness training for all employees
• Regular phishing simulation exercises
• Secure coding practices for development teams
• Incident reporting procedures and protocols
• Ongoing education on emerging threats and best practices

Third-Party & Vendor Security

We carefully vet and monitor all third-party vendors and service providers:

• Security assessments before vendor engagement
• Contractual security requirements and SLAs
• Regular vendor security reviews and audits
• Data processing agreements for GDPR compliance
• Incident notification requirements

Responsible Disclosure Policy

We value the security research community and welcome responsible disclosure of potential vulnerabilities. If you discover a security issue, please:

1. Email us at security@mkllaerospace.com with details of the vulnerability
2. Provide sufficient information to reproduce the issue
3. Allow reasonable time for us to address the vulnerability before public disclosure
4. Avoid accessing, modifying, or destroying data without authorization

We commit to acknowledging your report within 48 hours and providing regular updates on our progress.

Compliance & Standards

MKII Aerospace adheres to industry standards and regulatory requirements:

Contact Our Security Team

For security inquiries, vulnerability reports, or questions about our security practices:

Additional Resources