XML 53 R39.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We recognize the critical importance of maintaining trust and safeguarding personal information. To achieve this, we have a cybersecurity governance framework in place, designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Our program is based on industry best practices, continuous benchmarking, and advanced security technology. It is managed by an experienced team of experts who receive regular training. Our cybersecurity program consists of controls designed to identify, protect against, detect, respond to, and recover from information and cybersecurity incidents.
We have a cybersecurity and information security framework that includes risk assessment and mitigation through a threat intelligence-driven approach, application controls, and enhanced security with ransomware defense. The framework leverages International Organization for Standardization (ISO) 27001 standards for general information technology controls, the National Institute of Standards and Technology (NIST) Cybersecurity Framework for measuring overall readiness to respond to cyber threats, and Sarbanes-Oxley (SOX) requirements for the assessment of internal controls.
We utilize policies, software, training programs, and hardware solutions that are designed to protect and monitor our environment, including multi-factor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing, and identity management systems.
Our Information Security team conducts regular information security awareness training for all employees involved in systems and processes that handle customer data, audits of our systems, and enhanced training for specialized personnel. We conduct semi-annual cyber awareness training and tabletop exercises to simulate incidents and practice responses. We use the findings to improve our practices and technologies.
Our corporate IT Security and Risk organization, led by our Chief Information Security Officer (CISO), maintains an incident response plan. The plan outlines risk mitigation steps (identification, triage, containment, eradication, recovery, and lessons learned), provides a framework for handling cybersecurity incidents based on their severity, and facilitates cross-functional coordination across our business. The organization has also established an enterprise Security Operations Center to identify cyber incidents in real time and activate an immediate response.
We regularly conduct risk assessments to identify threats and vulnerabilities. We then use a qualitative methodology to evaluate the likelihood and impact of each risk. We identify risks from various sources, including vulnerability scans, penetration tests, vendors’ risk assessments, product and services audits, internal compliance assessments, and threat-hunting operations. We actively monitor our infrastructure and applications to identify evolving cyber threats, scan for vulnerabilities, and mitigate risks.
Our Chief Information Security Officer (CISO) was appointed in March 2019 and brings extensive experience in cybersecurity and information security, having held various roles since 2006, including Director of IT Strategic Projects and Director of Infrastructure Services and Security. As CISO, he is responsible for overseeing our cybersecurity programs, managing cyber risks, and directing IT security operations. He holds a Bachelor’s degree in Systems Engineering from Universidad Autónoma de Colombia, a specialization in Digital Marketing from the University of California, Irvine, a diploma from the Cybersecurity Leadership Program at Duke University’s Sanford School of Public Policy, and a CISO Executive Certificate from Duke University. The CISO regularly reports to the Audit Committee and the Board of Directors on our cybersecurity strategy, including efforts to prevent, detect, mitigate, and respond to cybersecurity threats.
The office of the CISO participates in several cybersecurity information industry groups with third parties to share and gather intelligence, benchmark best practices, and discuss emerging issues. These groups include the Aviation ISAC (Information Sharing and Analysis Center), the Star Alliance cybersecurity group, and the IATA cybersecurity group.
We share threat intelligence and collaborate with organizations in various industries to share best practices, fight cybercrime, enhance privacy, discuss new technologies, understand regulatory changes, and advance our capabilities.
We regularly schedule third-party vulnerability detection and testing for our IT infrastructure. We engage an independent security company to conduct monthly, annual, and on-demand tests for cyber vulnerabilities.
Our Chief Information Officer and Chief Information Security Officer oversee our dedicated technology risk management and privacy teams, which work in partnership with our internal audit department to review information about technology-related internal controls with our independent external auditors as part of the overall internal controls process.
We conduct cybersecurity “tabletop” exercises with respect to breach and other problematic information security scenarios. The facilitator poses questions to participants and advises how other companies typically respond to similar situations. Participants include key leaders and stakeholders from the Company, including Finance, Flight Operations, Airports, IT, and others.
Our cybersecurity risk management program includes due diligence of third-party vendors’ information security programs.
With a bi-monthly cadence, the corporate IT Security and Risk organization presents the state of cybersecurity risk and compliance to the corporate Chief Information Officer (CIO) and top IT management. The presentation covers compliance with regulatory requirements and with internal policies and processes. This meeting is tracked as an IT governance control.
With a bi-weekly cadence, the office of the CISO sends a status report to the CIO, which is presented in the corporate bi-weekly Executive Committee meeting that includes the CEO, CFO, COO, CCO (Chief Commercial Officer), Chief Legal Officer, and other executive officers.
With a quarterly cadence, the CISO leads the Information Security Oversight Committee to discuss the progress and status of the corporate information security program. This meeting includes the Chief Legal Officer and Internal Audit.
With a quarterly cadence, the CIO and the CISO prepare a cybersecurity status report to the Board of Directors and to the Audit Committee of the Board of Directors. The CIO and CISO present any relevant issues to the Committee and answer questions. The Audit Committee's primary function is to assist and advise the Board of Directors in fulfilling its oversight responsibilities by reviewing the effectiveness of our internal financial control and risk management systems, including cybersecurity and privacy risks and our procedures and policies for assessing and managing such risks. The Audit Committee reports on its interaction with management and its assessment of risk, and provides any recommendations related to risk prevention and mitigation.
Finally, our Corporate Business Continuity Plan is activated in the event of a cyber incident that significantly impacts our operations. This Business Continuity Plan involves the activation of several crisis committees and includes the participation of our CEO. We have cybersecurity insurance and regularly review our policy and levels of coverage based on current risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We recognize the critical importance of maintaining trust and safeguarding personal information. To achieve this, we have a cybersecurity governance framework in place, designed to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Our program is based on industry best practices, continuous benchmarking, and advanced security technology. It is managed by an experienced team of experts who receive regular training. Our cybersecurity program consists of controls designed to identify, protect against, detect, respond to, and recover from information and cybersecurity incidents.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
With a quarterly cadence, the CIO and the CISO prepare a cybersecurity status report to the Board of Directors and to the Audit Committee of the Board of Directors. The CIO and CISO present any relevant issues to the Committee and answer questions. The Audit Committee's primary function is to assist and advise the Board of Directors in fulfilling its oversight responsibilities by reviewing the effectiveness of our internal financial control and risk management systems, including cybersecurity and privacy risks and our procedures and policies for assessing and managing such risks. The Audit Committee reports on its interaction with management and its assessment of risk, and provides any recommendations related to risk prevention and mitigation.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our corporate IT Security and Risk organization, led by our Chief Information Security Officer (CISO), maintains an incident response plan. The plan outlines risk mitigation steps (identification, triage, containment, eradication, recovery, and lessons learned), provides a framework for handling cybersecurity incidents based on their severity, and facilitates cross-functional coordination across our business. The organization has also established an enterprise Security Operations Center to identify cyber incidents in real time and activate an immediate response.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
With a quarterly cadence, the CIO and the CISO prepare a cybersecurity status report to the Board of Directors and to the Audit Committee of the Board of Directors. The CIO and CISO present any relevant issues to the Committee and answer questions. The Audit Committee's primary function is to assist and advise the Board of Directors in fulfilling its oversight responsibilities by reviewing the effectiveness of our internal financial control and risk management systems, including cybersecurity and privacy risks and our procedures and policies for assessing and managing such risks. The Audit Committee reports on its interaction with management and its assessment of risk, and provides any recommendations related to risk prevention and mitigation.
Cybersecurity Risk Role of Management [Text Block]
Our corporate IT Security and Risk organization, led by our Chief Information Security Officer (CISO), maintains an incident response plan. The plan outlines risk mitigation steps (identification, triage, containment, eradication, recovery, and lessons learned), provides a framework for handling cybersecurity incidents based on their severity, and facilitates cross-functional coordination across our business. The organization has also established an enterprise Security Operations Center to identify cyber incidents in real time and activate an immediate response.
We regularly conduct risk assessments to identify threats and vulnerabilities. We then use a qualitative methodology to evaluate the likelihood and impact of each risk. We identify risks from various sources, including vulnerability scans, penetration tests, vendors’ risk assessments, product and services audits, internal compliance assessments, and threat-hunting operations. We actively monitor our infrastructure and applications to identify evolving cyber threats, scan for vulnerabilities, and mitigate risks.
Our Chief Information Security Officer (CISO) was appointed in March 2019 and brings extensive experience in cybersecurity and information security, having held various roles since 2006, including Director of IT Strategic Projects and Director of Infrastructure Services and Security. As CISO, he is responsible for overseeing our cybersecurity programs, managing cyber risks, and directing IT security operations. He holds a Bachelor’s degree in Systems Engineering from Universidad Autónoma de Colombia, a specialization in Digital Marketing from the University of California, Irvine, a diploma from the Cybersecurity Leadership Program at Duke University’s Sanford School of Public Policy, and a CISO Executive Certificate from Duke University. The CISO regularly reports to the Audit Committee and the Board of Directors on our cybersecurity strategy, including efforts to prevent, detect, mitigate, and respond to cybersecurity threats.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our corporate IT Security and Risk organization, led by our Chief Information Security Officer (CISO), maintains an incident response plan. The plan outlines risk mitigation steps (identification, triage, containment, eradication, recovery, and lessons learned), provides a framework for handling cybersecurity incidents based on their severity, and facilitates cross-functional coordination across our business. The organization has also established an enterprise Security Operations Center to identify cyber incidents in real time and activate an immediate response.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our Chief Information Security Officer (CISO) was appointed in March 2019 and brings extensive experience in cybersecurity and information security, having held various roles since 2006, including Director of IT Strategic Projects and Director of Infrastructure Services and Security. As CISO, he is responsible for overseeing our cybersecurity programs, managing cyber risks, and directing IT security operations. He holds a Bachelor’s degree in Systems Engineering from Universidad Autónoma de Colombia, a specialization in Digital Marketing from the University of California, Irvine, a diploma from the Cybersecurity Leadership Program at Duke University’s Sanford School of Public Policy, and a CISO Executive Certificate from Duke University.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
With a quarterly cadence, the CIO and the CISO prepare a cybersecurity status report to the Board of Directors and to the Audit Committee of the Board of Directors. The CIO and CISO present any relevant issues to the Committee and answer questions. The Audit Committee's primary function is to assist and advise the Board of Directors in fulfilling its oversight responsibilities by reviewing the effectiveness of our internal financial control and risk management systems, including cybersecurity and privacy risks and our procedures and policies for assessing and managing such risks. The Audit Committee reports on its interaction with management and its assessment of risk, and provides any recommendations related to risk prevention and mitigation.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true