Enterprise-Grade Security

Security & Trust Center

Enterprise-grade security and compliance built into every layer of our platform. Your data is stored exclusively in the EU, encrypted at every level, and protected by industry-leading infrastructure.

GDPR Compliant · EU Data Residency · SOC 2 Infrastructure

  • 100% EU data residency
  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit

Security Practices

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database-level encryption is managed by Supabase with automated key rotation. Deployment credentials are encrypted via Supabase Vault (AES-256-GCM) and never logged or exposed.

EU Data Residency

All customer data is stored in the EU (Frankfurt, Germany). Serverless functions execute in EU regions (Stockholm, Paris). No customer data leaves the EU. AI processing uses Standard Contractual Clauses with no PII sent to AI models.

GDPR Compliance

Fully GDPR compliant with Data Processing Agreement (DPA) available on request. Data export (JSON) and account deletion available in Settings. Cookie consent managed on first visit. Privacy impact assessments conducted for all new features.

Infrastructure Security

Hosted on Vercel (SOC 2 Type II certified) and Supabase (SOC 2 Type II certified). PostgreSQL with Row Level Security (RLS) enforced on every table. Automated backups, point-in-time recovery, and network isolation.

Authentication & Access Control

Email/password with bcrypt hashing, Google and Microsoft OAuth. Role-based access control (RBAC) with 7 organisation roles and 4 partner roles. SAML SSO and SCIM provisioning for Enterprise customers. All permissions enforced server-side.

Immutable Audit Trail

All significant platform actions are logged in an immutable, append-only audit trail. Records can never be modified or deleted. Full traceability for compliance reviews, incident investigation, and regulatory audits (EU AI Act Article 26).

Penetration Testing

Annual penetration testing conducted by independent third-party security firms. Remediation of findings is tracked and verified. Full reports available to Enterprise customers under NDA upon request.

Incident Response

24-hour incident response SLA with defined escalation procedures. Security incidents are triaged, investigated, and communicated promptly. Status page available at status.fronterio.com. Affected customers notified within 72 hours per GDPR requirements.

How We Handle Your Data

Your data is yours. We process it only to provide the platform services you subscribed to. Here's how we protect it at every level:

AI data handling — No personally identifiable information (PII) is sent to AI models. Only anonymised organisational scores, aggregated metrics, and structural context are used. AI Consultant conversations are never used to train AI models.

Multi-tenant isolation — Every database table enforces Row Level Security (RLS). Partner data is strictly isolated — one partner can never access another partner's customer data. System-level data isolation is enforced at the database layer, not just the application layer.
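The database-layer isolation described above can be expressed in PostgreSQL as row-level security policies. The following is an added illustration, not Fronterio's schema or policies: the tables (partner_members, customers), their columns, the use of Supabase's auth.uid() to identify the caller, and the Supabase "authenticated" role are all assumptions.

```sql
-- Added illustration of database-layer tenant isolation with PostgreSQL RLS.
-- Table and column names and the partner-membership model are assumptions,
-- not Fronterio's actual schema.

create table partner_members (
  user_id    uuid not null,   -- authenticated user; matches auth.uid() in Supabase
  partner_id uuid not null,
  primary key (user_id, partner_id)
);

create table customers (
  id         uuid primary key default gen_random_uuid(),
  partner_id uuid not null,
  name       text not null
);

-- Enable RLS and FORCE it so even the table owner cannot bypass the policies
-- (owners bypass RLS by default; superusers and BYPASSRLS roles always do).
alter table customers       enable row level security;
alter table customers       force  row level security;
alter table partner_members enable row level security;
alter table partner_members force  row level security;

-- With RLS enabled and no policy, non-owner roles see no rows (default deny).
-- The membership table must be protected too, or callers could enumerate
-- other partners' membership. Each user sees only their own memberships.
create policy members_self on partner_members
  for select to authenticated
  using (user_id = auth.uid());

-- One policy covers read and write: USING filters rows the caller may see or
-- change, WITH CHECK rejects inserts/updates that would place a row under a
-- partner the caller is not a member of. auth.uid() is Supabase's helper that
-- returns the caller's user id from the request JWT.
create policy customers_partner_isolation on customers
  for all to authenticated
  using (
    partner_id in (select partner_id from partner_members
                   where user_id = auth.uid())
  )
  with check (
    partner_id in (select partner_id from partner_members
                   where user_id = auth.uid())
  );

-- Verification, run as "authenticated" with the caller's JWT set: this count
-- covers only the caller's partners, and an insert naming another partner's
-- uuid fails with "new row violates row-level security policy".
select count(*) from customers;
```

Because the policy is evaluated by the database on every statement, an application-layer bug that forgets a WHERE clause still cannot return or write another partner's rows.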

Anonymisation — Benchmark data and playbook library content are fully anonymised before aggregation. No company names, employee names, or identifying information is retained in shared datasets.

Compliance & Certifications

GDPR

Full compliance with EU General Data Protection Regulation. DPA available on request.

EU AI Act

Platform designed for EU AI Act deployer obligations, including risk classification, a FRIA wizard, and an audit trail.

SOC 2 Type II

Infrastructure partners (Vercel, Supabase) are SOC 2 Type II certified.

ISO 27001

On our roadmap. Currently following ISO 27001 best practices for information security.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

Email security@fronterio.com with a detailed description of the vulnerability.

Please include:

  • Description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Your contact information for follow-up
  • Any proof-of-concept code (if applicable)

Response Timeline

  • Acknowledgement within 48 hours
  • Triage and initial assessment within 5 business days
  • Regular updates on remediation progress

Safe Harbor

We will not take legal action against researchers who report vulnerabilities responsibly, act in good faith, and do not access or modify other users' data. We ask that you allow us a reasonable time to address the issue before any public disclosure.

Need more details?

We're happy to answer security questions, provide our DPA, or walk through our security practices with your team.

Fronterio ApS
2840 Holte, Denmark