Home / Trust & security
Trust & security
Uplift tickets, supplier invoices, flight schedules — and the dollars riding on them. That data is sensitive, so FuelDeck™ runs on Google Cloud with isolation, encryption and least-privilege access enforced by the infrastructure itself, not switched on after the fact.
The foundations
Hosting, encryption and tenancy hold up the rest of the platform. Each is enforced in the infrastructure, where it can't be forgotten or misconfigured away.
FuelDeck™ is built entirely on Google Cloud and Firebase — SOC 2 compliant, globally distributed, and backed by a 99.95% uptime SLA across Authentication, Firestore and Storage. You inherit the same operational hardening Google runs its own services on.
Every ticket, invoice and record is encrypted in transit with TLS 1.3 and at rest with AES-256. API keys and service credentials live server-side only — they are never shipped to the browser or embedded in client code.
Firestore security rules enforce strict per-tenant access at the database layer. There is no code path that can query across tenants — every read and write is scoped to your account before it ever reaches the data.
Defense in depth
From the data center to the database rule, each layer assumes the one above it can fail. Here is what protects your fuel data, top to bottom.
Hosted on Google Cloud / Firebase — physically secured, globally redundant data centers running managed Authentication, Firestore and Storage. No self-managed servers to patch or leave exposed.
TLS 1.3 protects every byte in transit between your browser, our services and Google Cloud. Data at rest is encrypted with AES-256. Records are never written or transmitted in the clear.
Every request is authenticated before it touches data. Firestore security rules scope each read and write to the signed-in tenant — access is denied by default and granted only to the records that belong to you.
Each customer's data is partitioned and fenced by security rules so no account can query another's tickets, invoices or filings. There is no cross-tenant query — isolation is enforced by the database, not by application logic alone.
API keys and service credentials are held server-side and never exposed to the browser or embedded in client bundles. The front end talks only to authenticated, scoped endpoints.
A 99.95% uptime SLA covers Authentication, Firestore and Storage, with Google's globally distributed redundancy underneath. The audited ledger stays reachable when you need it.
The platform is SOC 2 compliant, inheriting the controls and audited practices of Google Cloud. We commit only to what we can attest to — SOC 2 today, with our posture reviewed as we grow.
Security at a glance
Everything an information-security reviewer asks for first, in one table.
| Hosting | Google Cloud / Firebase |
|---|---|
| Compliance | SOC 2 |
| Uptime SLA | 99.95% — Authentication, Firestore & Storage |
| In transit | TLS 1.3 |
| At rest | AES-256 |
| Tenancy | Per-tenant Firestore isolation via security rules |
| Cross-tenant access | None — no cross-tenant queries |
| Secrets | API keys & credentials server-side only — never in the browser |
Data handling & privacy
FuelDeck™ works with the operational records of fuelling — and nothing more than it needs to do that job. Here is what enters the platform and how it is contained.
The records FuelDeck™ ingests are fuel uplift tickets, supplier invoices and airline schedules — the documents needed to capture, validate, recover and file. We process the data required to reconcile fuelling, not to profile people.
Your tickets, invoices and filings are partitioned by tenant and enforced by Firestore security rules. No other customer — and no unauthenticated request — can read or query your records. Isolation is structural, not a setting you have to remember to enable.
Records persist as the audited ledger your operations and filings depend on, encrypted at rest with AES-256. Retention follows your agreement, and data can be exported or removed on request. See our privacy commitments for the full detail.
Security FAQ
The questions security and procurement teams ask us most.
Talk to our team
We'll walk your security and procurement teams through hosting, encryption, isolation and our SOC 2 posture — and show the platform handling your own fuel data, live.
Book a demo