
Roger Wilco Aviation Services
Security at Roger Wilco
How we protect the panel, the ledger, and the customer data that rides along with both.
Card data never touches our servers
Online orders are processed by Shopify Payments, a PCI-DSS Level 1 certified processor. When you enter a card number it is tokenized by Shopify before it reaches us — we see only the last four digits and the authorization result. We do not store, log, or transmit raw card data.
Quote invoices paid by wire, ACH, or check are processed through our bank over standard banking rails and governed by the bank’s security controls. We destroy paper invoices with card data immediately after authorization.
Encrypted in flight & at rest
All traffic to rogerwilcoaviation.com, the aircraft marketplace, and the Captain Jerry assistant runs over TLS 1.2 or later, terminated at Cloudflare. Certificates are issued and rotated automatically. Legacy protocols (SSL, TLS 1.0/1.1) are disabled.
The site is statically exported and served from Cloudflare Pages — there is no public application server to attack. Backend services (listings API, Captain Jerry, Shopify proxy) are private by default, locked behind bearer-token authentication, and accessible only from our origin.
Credentials, tokens, and API keys are stored in Keeper, our password manager, and in dedicated secret files on the Jerry workstation. Secrets are never checked into git.
Seller accounts & listing integrity
Aircraft-for-sale sellers authenticate with email+magic-link sessions issued by our listings API. Sessions are bound to a single account, expire automatically, and can be revoked by request. We never store passwords — there are no passwords to leak.
Listings are reviewed before they appear on the public index. We reserve the right to remove any listing found to misrepresent an aircraft, its logbooks, or its title history.
Found a bug? Tell us.
If you believe you’ve found a security issue in any Roger Wilco property, email [email protected] with a reproducer and we’ll respond as quickly as we can. Please do not publicly disclose the issue until we’ve had a chance to remediate it. We appreciate good-faith research and will credit you in any public writeup with your permission.