Сигурност, създадена за
привилегия адвокат - клиент
Правните данни са сред най - чувствителните в света. ФРИТ е проектиран от самото начало с поверителност, суверенитет на данните и съответствие като първи принципи, а не като последващи мисли.
СЪОТВЕТСТВИЕ И СЕРТИФИКАТИ
Независимо проверено. Актуализира се ежегодно. Предлага се под NDA.
SOC 2 Type II
Annual third-party audits verifying our security, availability, processing integrity, confidentiality, and privacy controls. Full report available under NDA.
GDPR Compliant
Full EU General Data Protection Regulation compliance including Data Processing Agreements, data subject rights (access, erasure, portability), and cross-border transfer mechanisms.
ISO 27001
International standard for information security management systems. Certified controls across risk management, asset security, access control, and incident response.
CCPA / CPRA
California Consumer Privacy Act compliance for US users, including opt-out rights, data sale prohibitions, and annual data access requests.
HIPAA Ready
BAA available for legal professionals handling healthcare matters. Technical, physical, and administrative safeguards aligned with HIPAA requirements.
Cyber Essentials Plus
UK government-backed certification. Independently verified controls for firewalls, secure configuration, access control, malware protection, and patch management.
Сигурност на инфраструктурата
Изграден върху корпоративна облачна инфраструктура с множество слоеве на защита.
AES-256 Encryption at Rest
All stored data — documents, messages, matter details — is encrypted using AES-256. Database-level encryption with automated key rotation every 90 days.
TLS 1.3 in Transit
All data transmitted between your browser or app and FRITH servers is protected with TLS 1.3. We enforce HSTS and reject legacy protocols.
Multi-Region Infrastructure
Hosted on AWS across US East (Virginia), EU West (Ireland), and AP Southeast (Sydney). Data residency selection available on Enterprise plans.
Automated Backups
Continuous database backups with point-in-time recovery up to 30 days. Encrypted backups stored in geographically separate regions.
DDoS Protection
AWS Shield Advanced with always-on traffic monitoring and automatic mitigation. 99.9% uptime SLA backed by enterprise infrastructure.
Incident Response
Dedicated security incident response team with 2-hour response SLA for critical issues. Customers notified within 72 hours of any breach per GDPR requirements.
Контрол на достъпа и идентичност
Гранулирани разрешения, SSO, МВнР и одитни пътеки — създадени за адвокатски кантори за много потребители.
Role-Based Access Control (RBAC)
Granular permissions across admin, attorney, paralegal, billing, and client roles. Custom roles available on Enterprise plans.
Multi-Factor Authentication
TOTP authenticator app, SMS, and hardware key (WebAuthn/FIDO2) support. MFA can be enforced organisation-wide by admins.
SAML 2.0 SSO
Single sign-on via Microsoft Entra ID, Google Workspace, Okta, OneLogin, and any SAML 2.0 compliant identity provider.
Immutable Audit Logs
Every login, document access, AI query, matter update, and billing action is logged with timestamp, IP, and user identity — tamper-proof and exportable.
Row-Level Data Isolation
Multi-tenant architecture with row-level security in PostgreSQL. Each organisation's data is completely isolated — no cross-tenant access possible.
Bring Your Own Key (BYOK)
Connect your own OpenAI, Anthropic, or Gemini API keys. FRITH acts as a secure passthrough — your prompts and responses never touch our AI infrastructure.
Отговорно разкриване
Отнасяме се сериозно към уязвимостите в сигурността. Ако откриете проблем със сигурността, подайте сигнал до нашия екип по сигурността. Ангажираме се да потвърждаваме сигнали в рамките на 24 часа, да предоставяме график в рамките на 72 часа и да кредитираме изследователи, които отговорно разкриват проверени уязвимости. security@frithai.com.
Моля, не оповестявайте публично констатациите, преди да сме имали възможност да оценим и отстраним проблема.
Често задавани въпроси за сигурността
Does FRITH train AI models on my data?
No. Your data is never used to train AI models. When using FRITH's managed AI, requests are processed in real-time and not stored by the AI provider. With BYOK, data flows directly from your browser to your chosen AI provider — FRITH never sees it.
Where is my data stored?
By default, data is stored in US East (AWS us-east-1). Enterprise customers can select EU (eu-west-1) or AP (ap-southeast-2) residency. All regions use AES-256 encryption at rest.
Can I export or delete all my data?
Yes. You can export all matters, documents, and communications at any time from your account settings. Full account deletion is available and completes within 30 days, with confirmation provided.
Do you sign Data Processing Agreements?
Yes. DPAs are available on all paid plans. Enterprise customers receive a customised DPA reviewed by our legal team. Contact legal@frithai.com to initiate.
What happens during a security incident?
Our incident response team is alerted immediately via automated monitoring. Affected customers are notified within 72 hours. Full post-incident reports are shared for any incident above severity level 2.
Имате въпроси относно практиките ни за сигурност?
Екипът ни по сигурността отговаря в рамките на 24 часа.