Бяспека пабудавана для
адвакацкая тайна
Юрыдычныя дадзеныя з 'яўляюцца аднымі з самых адчувальных у свеце. Фрыт распрацавана з нуля з канфідэнцыяльнасцю, суверэнітэтам дадзеных і захаваннем у якасці першых прынцыпаў, а не паслядоўнасцяў.
Адпаведнасць і сертыфікаты
Незалежна праверана. Абнаўляецца штогод. Даступна ў рамках NDA.
SOC 2 Type II
Annual third-party audits verifying our security, availability, processing integrity, confidentiality, and privacy controls. Full report available under NDA.
GDPR Compliant
Full EU General Data Protection Regulation compliance including Data Processing Agreements, data subject rights (access, erasure, portability), and cross-border transfer mechanisms.
ISO 27001
International standard for information security management systems. Certified controls across risk management, asset security, access control, and incident response.
CCPA / CPRA
California Consumer Privacy Act compliance for US users, including opt-out rights, data sale prohibitions, and annual data access requests.
HIPAA Ready
BAA available for legal professionals handling healthcare matters. Technical, physical, and administrative safeguards aligned with HIPAA requirements.
Cyber Essentials Plus
UK government-backed certification. Independently verified controls for firewalls, secure configuration, access control, malware protection, and patch management.
Бяспека інфраструктуры
Пабудаваная на карпаратыўнай хмарнай інфраструктуры з мноствам узроўняў абароны.
AES-256 Encryption at Rest
All stored data — documents, messages, matter details — is encrypted using AES-256. Database-level encryption with automated key rotation every 90 days.
TLS 1.3 in Transit
All data transmitted between your browser or app and FRITH servers is protected with TLS 1.3. We enforce HSTS and reject legacy protocols.
Multi-Region Infrastructure
Hosted on AWS across US East (Virginia), EU West (Ireland), and AP Southeast (Sydney). Data residency selection available on Enterprise plans.
Automated Backups
Continuous database backups with point-in-time recovery up to 30 days. Encrypted backups stored in geographically separate regions.
DDoS Protection
AWS Shield Advanced with always-on traffic monitoring and automatic mitigation. 99.9% uptime SLA backed by enterprise infrastructure.
Incident Response
Dedicated security incident response team with 2-hour response SLA for critical issues. Customers notified within 72 hours of any breach per GDPR requirements.
Кантроль доступу і ідэнтыфікацыя
Грануляваныя дазволы, ОСА, МЗС і аўдытарскія трэкі — пабудаваныя для шматкарыстальніцкіх юрыдычных фірмаў.
Role-Based Access Control (RBAC)
Granular permissions across admin, attorney, paralegal, billing, and client roles. Custom roles available on Enterprise plans.
Multi-Factor Authentication
TOTP authenticator app, SMS, and hardware key (WebAuthn/FIDO2) support. MFA can be enforced organisation-wide by admins.
SAML 2.0 SSO
Single sign-on via Microsoft Entra ID, Google Workspace, Okta, OneLogin, and any SAML 2.0 compliant identity provider.
Immutable Audit Logs
Every login, document access, AI query, matter update, and billing action is logged with timestamp, IP, and user identity — tamper-proof and exportable.
Row-Level Data Isolation
Multi-tenant architecture with row-level security in PostgreSQL. Each organisation's data is completely isolated — no cross-tenant access possible.
Bring Your Own Key (BYOK)
Connect your own OpenAI, Anthropic, or Gemini API keys. FRITH acts as a secure passthrough — your prompts and responses never touch our AI infrastructure.
Адказная раскрыццё інфармацыі
Мы сур 'ёзна ставімся да ўразлівасцяў бяспекі. Калі вы выявілі праблему бяспекі, паведаміце пра гэта нашай камандзе бяспекі. Мы абавязваемся прызнаваць справаздачы на працягу 24 гадзін, прадастаўляць тэрміны на працягу 72 гадзін, а таксама спасылацца на даследчыкаў, якія адказна раскрываюць правераныя ўразлівасці. security@frithai.com.
Калі ласка, не публікуйце высновы, перш чым у нас будзе магчымасць ацаніць і выправіць.
Пытанні бяспекі
Does FRITH train AI models on my data?
No. Your data is never used to train AI models. When using FRITH's managed AI, requests are processed in real-time and not stored by the AI provider. With BYOK, data flows directly from your browser to your chosen AI provider — FRITH never sees it.
Where is my data stored?
By default, data is stored in US East (AWS us-east-1). Enterprise customers can select EU (eu-west-1) or AP (ap-southeast-2) residency. All regions use AES-256 encryption at rest.
Can I export or delete all my data?
Yes. You can export all matters, documents, and communications at any time from your account settings. Full account deletion is available and completes within 30 days, with confirmation provided.
Do you sign Data Processing Agreements?
Yes. DPAs are available on all paid plans. Enterprise customers receive a customised DPA reviewed by our legal team. Contact legal@frithai.com to initiate.
What happens during a security incident?
Our incident response team is alerted immediately via automated monitoring. Affected customers are notified within 72 hours. Full post-incident reports are shared for any incident above severity level 2.
Пытанні аб нашай практыцы бяспекі?
Наша каманда бяспекі адказвае на працягу 24 гадзін.