Security

Eolas Technologies Ltd

Last updated: 20 June 2026

This page describes the security posture of both the Eolas Technologies website (eolasdata.com) and the PreFlight application (app.eolasdata.com), which provides accounts, dataset validation, and billing.

We Do Not Retain Your Data

This is the foundation of how PreFlight is built: your data does not live on our systems. When you submit a dataset for validation, it is processed transiently and deleted immediately after validation completes.

We do not retain it, archive it, copy it, sell it, share it, or use it to train models or improve our services. Deletion is automatic and enforced by the system — not left to manual action.

The strongest way to protect data is not to keep it. PreFlight holds your dataset only for the seconds required to validate it, and then it is gone.

Validation reports contain the results of the checks — verdicts and metrics about your data, not a copy of your data. Reports are stored in your account and remain fully under your control to view, export, or delete at any time.

Encryption

In transit: all traffic to the website and application is served over HTTPS/TLS.
At rest: account data and infrastructure storage are hosted on managed providers that encrypt data at rest.

Authentication and Access Control

Passwords are stored only as secure hashes — never in plain text. Sessions use a secure, httpOnly cookie. API access is authenticated with per-account API keys.

Account data is scoped per account, so one customer cannot access another's data or validation history. Administrative access to operational systems is restricted to authorised personnel and protected by authenticated access controls.

Payment Security

Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. We never see or store your card details — card data is handled entirely by Stripe.

Infrastructure and Operational Security

The website and application run on managed cloud infrastructure with platform-level access controls. Security patches, updates, and maintenance are applied as part of ongoing operational management, and administrative privileges are limited to operational necessity.

Sub-processors

We use a small number of trusted providers, each handling only the data necessary for its function:

Stripe — payment processing
Resend — transactional email
DigitalOcean — application hosting, database, and transient dataset processing
Cloudflare — dashboard hosting and delivery

What We Do Not Do

We do not sell personal data, and we do not engage in advertising tracking, behavioural profiling, or data brokerage. We do not use your datasets for any purpose beyond running the validation you requested.

Reporting a Security Concern

If you discover a security issue, please report it to [email protected]. We take reports seriously and will investigate promptly.

Limitation

We maintain reasonable technical and operational safeguards appropriate to the Service. No system can be guaranteed perfectly secure.

This page describes general security controls and is not a contractual security commitment; any such commitments are governed by our Terms of Service or a separate written agreement.

Access PreFlight Tool