Tail-on-certificate AOC validation, in real time.
Active operating certificates pulled from FAA/EASA/CAA registries every 6 hours.
Each tail is matched against its operator's certificate at quote-issuance time.
Every verification event is appended to a Merkle hash-chain with public root commitment.
Six certifications, ranked by audit cadence.
Type II audit · target attestation Q3 2026.
Information security management · target Q4 2026.
Service-provider scope · in continuous attestation.
Principal data residency in EU/UK/CH at member's election.
Operator integration audit posture.
Operator partners audited at Stage 2 minimum.
GCP CMEK · VPC-SC perimeter · Spanner audit log.
Customer-managed encryption keys per tenant · Cloud KMS HSM-backed.
Service perimeter prevents data exfiltration to outside-perimeter services.
Spanner audit log entries hash-chained · root commits to BigQuery hourly.
Paynode-class cross-border. Apple Pay, wire, escrow.
Funds held in named-trust account · per-leg release at wheels-up. jet card · escrow →
Multi-currency settlement at mid-market rate · monthly statement.
Tier-3 verification on principal accounts · enhanced for invitation-tier.
Discretion architecture, not a checkbox.
Zero third-party trackers on principal-facing surfaces. Inspect at your leisure.
Principal data is never sold, ever. Operator data is contractually protected.
We don't run ads. We don't buy ads. We don't measure for ad networks.
Hash-chained, offline-verifiable.
Every quote, modification, and confirmation is appended to a Merkle hash-chain on Spanner. Operators export a CSV/JSON snapshot; auditors verify the root offline. We publish the root weekly.
Contact: mailto:security@oneways.ai Expires: 2027-12-31T23:59:59.000Z Encryption: https://oneways.ai/.well-known/pgp.asc Preferred-Languages: en Canonical: https://oneways.ai/.well-known/security.txt Policy: https://oneways.ai/trust#disclosure Hiring: not publicly
Coordinated disclosure within 90 days. Recognition page on request, anonymity respected.
security@oneways.ai →