Legal
Data Processing Agreement
Aeronautica provides a Data Processing Agreement (DPA) for customers who require one for regulatory compliance, procurement, or internal data governance requirements.
Who Needs a DPA?
Organizations in regulated industries — aerospace and defense, aviation, automotive, and other sectors subject to strict data handling requirements — often require a signed DPA before onboarding enterprise software. If your procurement, legal, or IT security team has flagged this requirement, we can provide a DPA for your review.
What Our DPA Covers
- Customer data processing purposes and scope
- Data isolation and multi-tenancy controls
- Sub-processor disclosure and obligations
- Data breach notification procedures and timelines
- Data retention and deletion on contract termination
- Security measures and technical controls
Sub-processors
Aeronautica uses the following sub-processors to operate the Service. This list was last verified March 2026 via cross-repository source code audit and will be updated if sub-processors change.
| Sub-processor | Purpose | Data Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure — compute, database, storage, authentication, email, CDN | United States |
| Stripe, Inc. | Payment processing — handles credit card transactions and subscription billing | United States |
How to Request a DPA
Contact us to request a DPA. Include your organization name and any specific requirements your legal team has flagged. We will respond within two business days.
If you are completing a security questionnaire or vendor assessment, mention it in the message and we will complete it alongside the DPA.
Aerospace & defense customers
DPA execution is available as part of the onboarding process for organizations with specific data handling requirements. Contact us and we will handle the DPA as part of that conversation.