FRITH
Enterprise-Grade Security

Security Built for Attorney-Client Privilege

Legal data is among the most sensitive in the world. FRITH is built from the ground up with confidentiality, data sovereignty, and compliance as first principles, not afterthoughts.

SOC 2 II
ISO 27001
GDPR
CCPA
HIPAA
CE+

Compliance & Certifications

Independently verified. Updated annually. Available under NDA.

Active

SOC 2 Type II

Annual third-party audits verifying our security, availability, processing integrity, confidentiality, and privacy controls. Full report available under NDA.

Active

GDPR Compliant

Full EU General Data Protection Regulation compliance including Data Processing Agreements, data subject rights (access, erasure, portability), and cross-border transfer mechanisms.

Active

ISO 27001

International standard for information security management systems. Certified controls across risk management, asset security, access control, and incident response.

Active

CCPA / CPRA

California Consumer Privacy Act compliance for US users, including opt-out rights, data sale prohibitions, and annual data access requests.

Active

HIPAA Ready

BAA available for legal professionals handling healthcare matters. Technical, physical, and administrative safeguards aligned with HIPAA requirements.

Active

Cyber Essentials Plus

UK government-backed certification. Independently verified controls for firewalls, secure configuration, access control, malware protection, and patch management.

Infrastructure Security

Built on enterprise cloud infrastructure with multiple layers of protection.

AES-256 Encryption at Rest

All stored data — documents, messages, matter details — is encrypted using AES-256. Database-level encryption with automated key rotation every 90 days.

TLS 1.3 in Transit

All data transmitted between your browser or app and FRITH servers is protected with TLS 1.3. We enforce HSTS and reject legacy protocols.

Multi-Region Infrastructure

Hosted on AWS across US East (Virginia), EU West (Ireland), and AP Southeast (Sydney). Data residency selection available on Enterprise plans.

Automated Backups

Continuous database backups with point-in-time recovery up to 30 days. Encrypted backups stored in geographically separate regions.

DDoS Protection

AWS Shield Advanced with always-on traffic monitoring and automatic mitigation. 99.9% uptime SLA backed by enterprise infrastructure.

Incident Response

Dedicated security incident response team with 2-hour response SLA for critical issues. Customers notified within 72 hours of any breach per GDPR requirements.

Access & Identity Controls

Granular permissions, single sign-on, multi-factor authentication, and audit trails, built for multi-user law firms.

Role-Based Access Control (RBAC)

Granular permissions across admin, attorney, paralegal, billing, and client roles. Custom roles available on Enterprise plans.

Multi-Factor Authentication

TOTP authenticator app, SMS, and hardware key (WebAuthn/FIDO2) support. MFA can be enforced organisation-wide by admins.

SAML 2.0 SSO

Single sign-on via Microsoft Entra ID, Google Workspace, Okta, OneLogin, and any SAML 2.0 compliant identity provider.

Immutable Audit Logs

Every login, document access, AI query, matter update, and billing action is logged with timestamp, IP, and user identity — tamper-proof and exportable.

Row-Level Data Isolation

Multi-tenant architecture with row-level security in PostgreSQL. Each organisation's data is completely isolated — no cross-tenant access possible.

Bring Your Own Key (BYOK)

Connect your own OpenAI, Anthropic, or Gemini API keys. FRITH acts as a secure passthrough — your prompts and responses never touch our AI infrastructure.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it to our security team. We commit to acknowledging reports within 24 hours, providing a timeline within 72 hours, and crediting researchers who responsibly disclose verified vulnerabilities. security@frithai.com.

Please do not publicly disclose findings before we have had the opportunity to assess and remediate.

Security FAQ

Does FRITH train AI models on my data?

No. Your data is never used to train AI models. When using FRITH's managed AI, requests are processed in real-time and not stored by the AI provider. With BYOK, data flows directly from your browser to your chosen AI provider — FRITH never sees it.

Where is my data stored?

By default, data is stored in US East (AWS us-east-1). Enterprise customers can select EU (eu-west-1) or AP (ap-southeast-2) residency. All regions use AES-256 encryption at rest.

Can I export or delete all my data?

Yes. You can export all matters, documents, and communications at any time from your account settings. Full account deletion is available and completes within 30 days, with confirmation provided.

Do you sign Data Processing Agreements?

Yes. DPAs are available on all paid plans. Enterprise customers receive a customised DPA reviewed by our legal team. Contact legal@frithai.com to initiate.

What happens during a security incident?

Our incident response team is alerted immediately via automated monitoring. Affected customers are notified within 72 hours. Full post-incident reports are shared for any incident above severity level 2.

Have questions about our security practices?

Our security team responds within 24 hours.