This page is for administrators, accountable executives, and anyone who needs to understand how
PlaneConnection protects organizational data. If you are looking for user role configuration,
see the user roles reference. For workspace setup, see the workspace configuration guide.
Why Isolation Matters in Aviation
Aviation data carries unique sensitivity. Safety reports may describe incidents with regulatory, legal, or insurance implications. A report about a crew fatigue event, a maintenance discrepancy, or a near miss could be relevant to an FAA investigation, an insurance claim, or litigation. If that data were visible to other organizations on the platform, the consequences would range from competitive exposure to legal liability. Operational data is similarly sensitive. Flight schedules, passenger manifests, crew assignments, and financial records reveal business patterns that operators must control. Personnel records include training histories, medical status, and certification details that are subject to privacy requirements. For regulatory compliance, isolation serves a specific purpose: when the FAA requests records during an inspection or audit, you must be able to produce exactly your data — complete, accurate, and uncontaminated by data from other organizations. Multi-tenancy architecture must guarantee this.How PlaneConnection Isolates Data
The Workspace Model
Every organization in PlaneConnection operates within its own workspace. A workspace is identified by a unique slug — a short, URL-safe identifier likeskyline-air or global-jets — that
appears in every URL: planeconnection.com/skyline-air/safety/reports.
This workspace identifier is not cosmetic. It is the entry point for
a chain of data isolation that extends from the URL through the
application layer and into the database.
Database-Level Isolation
Every record belongs to a specific workspace, and every query filters on this boundary. A query executed in the context of Organization A will never return records belonging to Organization B, regardless of the query’s other parameters. All modules — safety reports, risk assessments, investigations, crew records, aircraft, trips, documents — use the same isolation mechanism, and new features automatically inherit workspace isolation.Authentication and Authorization
Users are authenticated at the platform level and associated with a specific workspace. Authorization operates within the workspace boundary — a user with a “safety_manager” role in Organization A has safety management permissions only for Organization A’s data.Multi-Layer Enforcement
Data isolation is enforced at multiple independent layers — routing, authentication, and data access — so that no single layer’s failure can expose another organization’s data. Requests for workspaces the user does not belong to are rejected before any data is accessed.Workspace Configuration
Each workspace has its own configuration, fully independent of every other workspace:| Setting | Scope |
|---|---|
| Safety policy and objectives | Per workspace |
| Risk assessment criteria and matrix | Per workspace |
| User roles and permissions | Per workspace |
| Enabled modules (Safety, Operations) | Per workspace |
| Subscription tier and limits | Per workspace |
| Document storage | Per workspace |
| Notification preferences | Per workspace |
| Integration settings (QuickBooks, FBOs, etc.) | Per workspace |
| Report classifications and categories | Per workspace |
| SPI definitions and targets | Per workspace |
What This Means for FAA Compliance
Data isolation directly supports several Part 5 requirements: Record integrity (Section 5.95-5.97). When the FAA requests SMS records, PlaneConnection produces records from your workspace only. There is no possibility of cross-contamination from other organizations’ data, and no manual filtering is required to separate your records from others. Audit trails. Every action in your workspace — report submissions, status changes, approvals, risk assessments, CPA completions — is timestamped and attributed within your isolated data environment. These audit trails satisfy Part 5 Subpart F requirements and are available exclusively to your organization and authorized FAA personnel. Confidentiality of safety data. Non-punitive reporting (Section 5.21) depends on reporters trusting that their reports are handled appropriately. Multi-tenancy ensures that safety reports are visible only within your organization, to the personnel you designate.Platform Administration
PlaneConnection platform administrators can access workspaces for operational support purposes. This access is strictly controlled:- All administrative access is logged and auditable
- Support sessions use impersonation workflows with clear visual indicators that impersonation is active
- Administrative access is limited to platform-level functions such as provisioning, subscription management, and technical support
- No administrative action can modify safety data without explicit authorization from the workspace owner
Administrative access to a workspace for support purposes is logged and visible to workspace
administrators. PlaneConnection maintains transparency about when and why support personnel
access your data.
Summary
From your perspective as a PlaneConnection user, multi-tenancy is invisible by design. Your workspace looks and behaves as though it is a dedicated application serving only your organization. Your data, configuration, users, and safety records exist in complete isolation. When you submit a safety report, only your organization’s personnel see it. When you generate a compliance report, it reflects only your data. When the FAA requests records, you produce exactly what is yours — nothing more, nothing less.Related
Modules Overview
The features available within each workspace.
FAA 14 CFR Part 5 Overview
The compliance requirements that drive data integrity needs.
Flight Operations Data Model
How operational data is structured within a workspace.
AI in Aviation Safety
How AI features respect workspace boundaries.