Air Trending
Security & Compliance Overview
A summary of the technical and organizational measures Air Trending uses to protect personal data when we deliver marketing and sales services and operate our website.
1. Introduction
Air Trending is a marketing and sales agency specializing in the aviation industry, operated by Sternac LLC. We help aviation businesses generate qualified leads, shorten sales cycles and grow, using digital marketing, advertising and the Air Lift platform for CRM and automation. Because our work involves handling personal data inside our clients' accounts and tools, protecting that data is central to how we operate. This overview summarizes the measures we apply. It is a summary, not an exhaustive description, and it does not form part of any contract.
2. Our Security and Risk Focus
Our primary security focus is to protect the data our clients entrust to us, and the data we collect through our own website and operations. Unlike a software vendor, we do not host a multi-tenant product. Instead, we work inside trusted platforms and we manage how our team accesses client accounts. Our controls therefore center on access management, credential security, vendor selection and good operational practice.
3. Our Security and Compliance Objectives
- Client trust and protection. Deliver our services while protecting the privacy and confidentiality of personal data.
- Lawful processing. Process personal data in line with the EU GDPR, the UK GDPR and the Spanish LOPDGDD, on a clear legal basis and, where we act as processor, on our clients' instructions.
- Integrity and separation. Keep each client's data accurate and separate, and never mix it with another client's.
- Good practice. Apply recognized good practice across the platforms and tools we use.
4. Our Security Controls
To protect the data we handle, we apply administrative, technical and operational controls across our work. The sections below describe the most relevant ones.
4.1 Access to Client Accounts
Access to a client's accounts is provided to the specific team members who build, configure and support that client's services, on a least-privilege basis. During onboarding and setup, our team keeps ongoing access as needed to configure and launch the work. After setup, ongoing access applies only where the plan includes managed services. Where it does not, we access the accounts at the client's request, for example to make a change, resolve an issue or provide support, and not otherwise. Account activity is logged within the relevant platforms.
4.2 Credential and Device Security
We handle access credentials securely, use multi-factor authentication where the platform supports it, avoid sharing credentials unnecessarily, and remove access promptly when a project ends or a team member no longer needs it. Our team works on protected devices and follows secure practices for the accounts they manage.
4.3 Data Handling and Separation
We process only the personal data needed to deliver a client's services. Each client's data is kept separate, and is never shared with or visible to another client, or mixed with another client's data. We ask clients not to place sensitive categories of data, such as financial account numbers, government IDs or health information, into the marketing and CRM tools, since these tools are not intended for that data.
4.4 Platforms and Sub-processors
We deliver our services through trusted platforms, including the Air Lift platform for CRM and automation (which runs on HighLevel infrastructure), advertising and analytics platforms, a consent management tool, and a payment tool. We rely on these providers' own audited security programs, including encryption in transit and at rest, infrastructure security and availability. Each is engaged under data protection terms no less protective than our DPA, and the current list is published on our Sub-processors page.
4.5 Website Security
Our website is served over HTTPS with TLS encryption. We use a consent management tool so that analytics and advertising technologies load only where visitors have given consent, and we apply standard protections and updates to keep the site secure.
4.6 Personnel
The people who deliver our services are bound by confidentiality obligations and receive guidance on data protection and secure handling of client accounts. Access to client data is granted on a need-to-know basis.
4.7 Incident Response
We maintain a documented process to identify, contain and respond to security incidents. If we become aware of a personal data breach affecting data we process for a client, we notify that client without undue delay and provide the information they need to meet their own obligations.
4.8 Business Continuity and Backups
Because we operate within established cloud platforms rather than our own infrastructure, we rely on those platforms' redundancy, backup and recovery capabilities for the data they hold. Many of the tools we use also offer export and version history options, and we can help clients export their data on request.
4.9 Compliance
We process personal data in line with the EU GDPR, the UK GDPR and the Spanish LOPDGDD, with appropriate safeguards such as the Standard Contractual Clauses for transfers outside the EEA, the UK or Switzerland. Our practices are described in our Privacy Policy and Data Processing Agreement. For any security or compliance question, contact gdpr@air-trending.com.