Security
Security & compliance
The same five commitments cover both tracks: no sensitive personal data on the platform, isolation enforced at the database rather than the interface, a record structure built to a recognized regulatory authorization, PDFs that never leave your browser, and a hosting roadmap that states plainly where Glidepath runs today and what's ahead.
No sensitive personal data on the platform
Every table Glidepath writes to holds an operational record: airfield or airport status, inspections, discrepancies, and training currency. None of it is sensitive personal data.
Each base's records, isolated by design
Row-level security runs on every operational table, not only the ones that feel sensitive. The permission matrix isn't a UI convenience checked once and trusted afterward: the database re-checks it on every read and write, so an unauthorized attempt fails at that layer no matter how it was made, whether through a rendered page, a direct API call, or anything else that never touches the interface at all.
That boundary holds between bases as well. An Airfield Manager working one installation and a reviewer with access to several never reach into a base's rows without the matrix granting it first, so switching which base is in view never means seeing into one that isn't.
Nothing in the middle, nothing left behind
A PDF exists in exactly one place when it's generated: the browser tab open in front of you. Nothing about that process reaches out to another service to build the file and hand it back, and nothing is left sitting on anyone else's hardware once it's done.
That keeps the decision about what leaves the building where it belongs: with the person who generated the file. Once a PDF lands on your device, whether it goes out as an email attachment, into a folder, or nowhere at all, is your call. The platform never makes that decision on your behalf.
Commercial cloud today, a Platform One roadmap ahead
Glidepath runs today on commercial cloud infrastructure: Vercel for the application, Supabase for the database, with the row-level isolation and permission-matrix enforcement described above applied to every base and every airport on that infrastructure.
A Platform One migration path toward IL4/IL5 environments is in progress. That's a roadmap, not a current accreditation: Glidepath does not hold IL4 or IL5 accreditation today, and nothing on this page should be read to claim otherwise.