Seguretat creada per a
secret professional entre advocat i client
Les dades legals es troben entre les més sensibles del món. FRITH està dissenyat des de zero amb la confidencialitat, la sobirania de les dades i el compliment com a primers principis, no com a pensaments secundaris.
Compliment i certificacions
Verificat independentment. S'actualitza anualment. Disponible a NDA.
SOC 2 Type II
Annual third-party audits verifying our security, availability, processing integrity, confidentiality, and privacy controls. Full report available under NDA.
GDPR Compliant
Full EU General Data Protection Regulation compliance including Data Processing Agreements, data subject rights (access, erasure, portability), and cross-border transfer mechanisms.
ISO 27001
International standard for information security management systems. Certified controls across risk management, asset security, access control, and incident response.
CCPA / CPRA
California Consumer Privacy Act compliance for US users, including opt-out rights, data sale prohibitions, and annual data access requests.
HIPAA Ready
BAA available for legal professionals handling healthcare matters. Technical, physical, and administrative safeguards aligned with HIPAA requirements.
Cyber Essentials Plus
UK government-backed certification. Independently verified controls for firewalls, secure configuration, access control, malware protection, and patch management.
Seguretat de les infraestructures
Basat en una infraestructura de núvol empresarial amb múltiples capes de protecció.
AES-256 Encryption at Rest
All stored data — documents, messages, matter details — is encrypted using AES-256. Database-level encryption with automated key rotation every 90 days.
TLS 1.3 in Transit
All data transmitted between your browser or app and FRITH servers is protected with TLS 1.3. We enforce HSTS and reject legacy protocols.
Multi-Region Infrastructure
Hosted on AWS across US East (Virginia), EU West (Ireland), and AP Southeast (Sydney). Data residency selection available on Enterprise plans.
Automated Backups
Continuous database backups with point-in-time recovery up to 30 days. Encrypted backups stored in geographically separate regions.
DDoS Protection
AWS Shield Advanced with always-on traffic monitoring and automatic mitigation. 99.9% uptime SLA backed by enterprise infrastructure.
Incident Response
Dedicated security incident response team with 2-hour response SLA for critical issues. Customers notified within 72 hours of any breach per GDPR requirements.
Controls d'accés i identitat
Permisos granulars, SSO, MFA i pistes d'auditoria: creats per a bufets d'advocats multiusuaris.
Role-Based Access Control (RBAC)
Granular permissions across admin, attorney, paralegal, billing, and client roles. Custom roles available on Enterprise plans.
Multi-Factor Authentication
TOTP authenticator app, SMS, and hardware key (WebAuthn/FIDO2) support. MFA can be enforced organisation-wide by admins.
SAML 2.0 SSO
Single sign-on via Microsoft Entra ID, Google Workspace, Okta, OneLogin, and any SAML 2.0 compliant identity provider.
Immutable Audit Logs
Every login, document access, AI query, matter update, and billing action is logged with timestamp, IP, and user identity — tamper-proof and exportable.
Row-Level Data Isolation
Multi-tenant architecture with row-level security in PostgreSQL. Each organisation's data is completely isolated — no cross-tenant access possible.
Bring Your Own Key (BYOK)
Connect your own OpenAI, Anthropic, or Gemini API keys. FRITH acts as a secure passthrough — your prompts and responses never touch our AI infrastructure.
Divulgació responsable
Ens prenem seriosament les vulnerabilitats de seguretat. Si descobreixes un problema de seguretat, informa'l al nostre equip de seguretat. Ens comprometem a reconèixer els informes en un termini de 24 hores, a proporcionar un termini de 72 hores i a acreditar als investigadors que revelin de manera responsable les vulnerabilitats verificades. security@frithai.com.
No facis públics els resultats abans que hàgim tingut l'oportunitat d'avaluar-los i corregir-los.
Preguntes freqüents sobre seguretat
Does FRITH train AI models on my data?
No. Your data is never used to train AI models. When using FRITH's managed AI, requests are processed in real-time and not stored by the AI provider. With BYOK, data flows directly from your browser to your chosen AI provider — FRITH never sees it.
Where is my data stored?
By default, data is stored in US East (AWS us-east-1). Enterprise customers can select EU (eu-west-1) or AP (ap-southeast-2) residency. All regions use AES-256 encryption at rest.
Can I export or delete all my data?
Yes. You can export all matters, documents, and communications at any time from your account settings. Full account deletion is available and completes within 30 days, with confirmation provided.
Do you sign Data Processing Agreements?
Yes. DPAs are available on all paid plans. Enterprise customers receive a customised DPA reviewed by our legal team. Contact legal@frithai.com to initiate.
What happens during a security incident?
Our incident response team is alerted immediately via automated monitoring. Affected customers are notified within 72 hours. Full post-incident reports are shared for any incident above severity level 2.
Tens alguna pregunta sobre les nostres pràctiques de seguretat?
El nostre equip de seguretat et respondrà en un termini de 24 hores.