Skip to content
Security & compliance

Aviation compliance, built into every deal. Not bolted on after.

Sanctions, airworthiness directives and certificates are screened before anything moves — and every action lands on a trail you can export and independently verify. EU-hosted, tenant-isolated, and yours to erase.

  • EU-hosted
  • OFAC + EU sanctions
  • FAA 8130-3 / EASA Form 1
  • Tamper-evident audit
  • GDPR export + erasure
Screened before it moves

The checks generic tools skip.

A parts deal isn’t done because the price is right. It has to clear sanctions, account for directives, and carry the right paperwork. PartsDesk runs those checks on every deal — so the quote that goes out is one you can stand behind.

01/Sanctions

Every customer and supplier is screened against the OFAC and EU consolidated lists (via OpenSanctions), refreshed daily. A hit blocks the outbound mail before it sends — and lands on your desk to clear.

02/Airworthiness directives

Every parsed RFQ is matched against active airworthiness directives. An affected part is flagged with the AD number and source — before you quote it, not after.

03/Certificates

FAA 8130-3 and EASA Form 1 tags are read by OCR — part number, serial, signatory and release date pulled out and held against the deal for receiving inspection.

The record

Every action, logged and verifiable.

Every broker-visible action and compliance check writes to an append-only, tenant-scoped trail. Filter it on your desk — or export it as a tamper-evident hash-chain, each entry’s hash chained to the one before, so a regulator or a buyer can verify the exported record is intact and unaltered.

  • Append-only — entries are added, never edited
  • Export as CSV, JSON, or a sha256 hash-chain
  • Seven-year retention, append-only
Audit export · hash-chainVerified
  1. 14:02:09rfq.received0a3f…b2c1
  2. 14:02:11sanctions.cleared7c10…9e3a
  3. 14:08:44quote.sente42b…1a55
  4. 15:31:02po.issuedb95d…4f08
  5. 16:47:20order.closed1f6c…77ad

each hash = sha256(prev + entry) — change one byte and the chain breaks

Your data

In the EU. Isolated. Yours.

PartsDesk is a back office, not a marketplace. It holds your customers, your suppliers and your prices — so where that data lives, and who can touch it, is the whole point.

Compute
Nuremberg · DE
Storage
Frankfurt · DE
Region
EU
EU-hosted

Compute in Nuremberg, object storage in Frankfurt — your customers, suppliers and prices are stored in Germany, in the EU. Some processing (mail, OCR, AI) runs through vetted EU and US providers, fully listed in our privacy policy.

Tenant-isolated

Every record is scoped to your tenant and walled off from every other broker on the platform — enforced in code, covered by an isolation test suite.

Yours to take, any time

Your customers, suppliers and history are yours to export in one click — the day you arrive or the day you leave. Plus GDPR erasure that scrubs a data subject across every mail direction, honoring legal holds.

Your address, your customer

Outbound goes from your own mailbox — your customer never sees us. The relationship, and its data, stay yours.

Encryption & certifications

Everything moves over TLS, and the credentials that connect to your mailbox are encrypted at rest. We're a young company and not yet SOC 2 certified — and we're not going to pretend otherwise. Instead we keep the whole picture on this page: where your data lives, who can reach it, and how you take it back, any day.

Make compliance the easy part.

See the screening and the audit trail running on a real deal — in a 30-day pilot, set up white-glove.