
Security & Trust

Last updated June 13, 2026. A factual overview of how Fideria protects customer data and meets European compliance requirements.

Document: Data Processing Agreement · GDPR Article 28 template · PDF, 3 pages
Data residency: EU · Frankfurt
Encryption: TLS 1.2+ in transit · AES-256 at rest
Breach SLA: 72h · GDPR Art. 33
Compliance posture

We're transparent about where we are today. Fideria is built to enterprise standards and aligned with European frameworks, but we do not yet hold formal third-party certifications. A DPA is available for every customer on request.

GDPR · Implemented · Article 20 export and Article 17 deletion in-product.
Multi-tenant isolation · Implemented · Row-Level Security on every table, scoped by organization.
Admin-gated writes · Implemented · Org settings, roles, SSO and alerts restricted to admins at the database layer.
ISO 27001 · Planned · Controls implemented; certification target 2027.
ISO 42001 · Planned · AI management system aligned with the ISO 27001 timeline.
SOC 2 Type II · Planned · Controls implemented; audit window planned for 2027.
EU AI Act · Aligned · Transparency, risk, data governance, human oversight.
NIS2 · Aligned · Technical and organizational measures applicable to our role.
Data residency · Implemented · All production data stored in Frankfurt.
Security is a posture, not a checkbox. We publish what's in place, what's aligned, and what's planned, and we don't pretend otherwise.
Fideria security posture
Controls in place
01 AI governance & data handling: Customer data is isolated, never used to train foundation models, and deletable on request.
  • Per-organization isolation enforced by Row-Level Security.
  • Customer data and prompts not used to train foundation models.
  • Deletion completed within 30 days; backup copies roll off within 35 days.
02 Infrastructure & encryption: EU-hosted, encrypted in transit and at rest, with daily backups.
  • EU infrastructure operated by ISO 27001 / SOC 2 providers.
  • TLS 1.2+ in transit, AES-256 at rest, secrets in managed vault.
  • Daily encrypted backups with point-in-time recovery.
03 Access control: SSO, role-based access, MFA for staff and least-privilege engineering.
  • SAML 2.0 SSO for enterprise; RBAC separated from profile data.
  • MFA enforced for all Fideria staff with production access.
  • Engineering access is time-bound and reviewed quarterly.
04 Audit logging: Append-only audit log for every security-relevant action, exportable as CSV.
  • Per-organization, append-only audit log.
  • Covers sign-in, role changes, SSO config, data export and deletion.
  • Admins can search, filter by severity and export as CSV.
05 Application security: Validated inputs, signed webhooks, dependency scanning and continuous policy audits.
  • Zod validation on every server endpoint; bearer tokens validated server-side.
  • Webhook signatures verified with constant-time comparison.
  • Dependency scanning, static analysis and database linter on every release.
  • RLS policies and SECURITY DEFINER grants audited 13 June 2026 — no critical findings open.
06 Incident response: On-call rotation with defined severities and 72-hour GDPR breach notice.
  • On-call rotation with defined severity levels and response times.
  • Personal-data breach notification within 72h (GDPR Art. 33).
  • Post-incident reviews shared with affected customers.
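The multi-tenant isolation and admin-gated writes items above, together with the RLS / SECURITY DEFINER audit line under application security, all describe controls enforced inside the database rather than in application code. The following is an added illustration of what that pattern looks like, not Fideria's actual schema or policies. It assumes PostgreSQL; the tables (memberships, org_settings), the application role app_user, the session setting app.user_id and the helper functions app_current_user_id / app_is_org_admin are all hypothetical names chosen for the example.

```sql
-- Added example (not Fideria's schema): per-organization Row-Level Security
-- with admin-only writes, plus a query to audit SECURITY DEFINER functions.
-- Assumption: the application connects as the non-owner role app_user and sets
-- the session variable app.user_id to the caller's id for every request.

create role app_user nologin;

create table memberships (
  org_id  uuid not null,
  user_id uuid not null,
  role    text not null check (role in ('member', 'admin')),
  primary key (org_id, user_id)
);

create table org_settings (
  org_id     uuid primary key,
  sso_config jsonb,
  alerts     jsonb
);

grant select, insert, update, delete on memberships, org_settings to app_user;

-- Caller identity from the per-request setting. Returns NULL when the
-- setting is missing or blank, so every policy below denies by default.
create function app_current_user_id() returns uuid
language sql stable as $$
  select nullif(current_setting('app.user_id', true), '')::uuid
$$;

-- Admin check. Deliberately SECURITY INVOKER (the default): it runs under the
-- caller's own RLS on memberships, which only exposes the caller's own rows,
-- and that is exactly the row it needs. No RLS bypass is required.
create function app_is_org_admin(p_org uuid) returns boolean
language sql stable as $$
  select exists (
    select 1 from memberships
    where org_id = p_org
      and user_id = app_current_user_id()
      and role = 'admin'
  )
$$;

-- FORCE applies the policies to the table owner as well, so a connection
-- accidentally made as the owner does not silently see every tenant.
alter table memberships enable row level security;
alter table memberships force row level security;
alter table org_settings enable row level security;
alter table org_settings force row level security;

-- A user can see only their own membership rows.
create policy memberships_self on memberships
  for select to app_user
  using (user_id = app_current_user_id());

-- Reads of org settings: any member of that organization.
create policy org_settings_read on org_settings
  for select to app_user
  using (exists (
    select 1 from memberships m
    where m.org_id = org_settings.org_id
      and m.user_id = app_current_user_id()));

-- Writes of org settings: admins only, enforced here regardless of app code.
-- USING hides non-admin rows from UPDATE/DELETE (they match zero rows);
-- WITH CHECK rejects INSERT/UPDATE results the caller may not own.
create policy org_settings_write on org_settings
  for all to app_user
  using (app_is_org_admin(org_id))
  with check (app_is_org_admin(org_id));

-- Per request the application does, as app_user:
--   begin;
--   set local app.user_id = '<caller uuid>';
--   update org_settings set alerts = '{"digest": "daily"}' where org_id = '<org uuid>';
--   commit;
-- For a non-admin caller the UPDATE affects 0 rows; an INSERT by a non-admin
-- raises "new row violates row-level security policy".

-- Audit query: every SECURITY DEFINER function the app role can execute.
-- These run with the owner's privileges and therefore bypass RLS, so each one
-- is a candidate isolation bypass. A NULL settings column means no search_path
-- is pinned (fix with: alter function f() set search_path = pg_catalog, public).
select n.nspname  as schema,
       p.proname  as function,
       p.proconfig as settings
from pg_proc p
join pg_namespace n on n.oid = p.pronamespace
where p.prosecdef
  and n.nspname not in ('pg_catalog', 'information_schema')
  and has_function_privilege('app_user', p.oid, 'execute');
```

The same org_id-scoped policy pair is repeated for every tenant-bearing table; "scoped by organization" on a trust page means that predicate, not a WHERE clause the application remembers to add. The audit query is the check behind a statement like "SECURITY DEFINER grants audited": its result set should be short, every row reviewed, and none without a pinned search_path.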
At a glance: EU-resident data · 72h breach SLA · no training on your data · 30-day deletion window
Sub-processors
A small, vetted list for hosting, authentication, email and AI inference. Customers receive 30 days' notice before any material change.
Responsible disclosure
Send security issues to security@fideria.ai. Reports are acknowledged within two business days. No legal action is taken against good-faith research.
Documentation on request
DPA, sub-processor list, CAIQ-Lite, pen-test summary and architecture overview available to enterprise customers.