Security at Frankli

Last updated: 21st of July 2022.

At Frankli, we are committed to offering world-class data protection standards to ensure your data is safe and your compliance requirements are met.

Our mission at Frankli is to be the go-to, people-centric Performance OS for high-performing start-ups and scale-ups everywhere. A place where you can store all your people and team's performance data, accelerate people operations and track company and team growth. This mission can’t be fulfilled without us implementing strict technical measures and following the highest security standards to build trust with our customers.

Here you’ll find information on how we approach security, and if you have additional questions, feel free to get in touch at hello@frankli.io.

Data centre security

We have partnered with AWS as our dedicated hosting environment. Our data centre provider, AWS Cloud Platform, supports more security standards and compliance certifications than any other offering, including ISO 27001 compliance, PCI certification, and SOC. Our hosting environment is also fully redundant, with disaster recovery procedures in place.

Please visit the AWS Cloud Platform security site for more information about their certification and compliance.

EU hosted infrastructure

Frankli's infrastructure is hosted on servers in the European Union. This allows us to meet regulatory and compliance requirements. Our data centre provider, AWS Cloud Platform, supports more security standards and certifications than any other offering, including SOC 1, SOC 2, SOC 3, and ISO 27001. All data is encrypted both in transit and at rest using the industry-standard AES-256 encryption algorithm.

Multi-layer encryption

In addition to the industry-standard in-transit and at-rest data encryption (AES-256), we utilise at-work encryption using the RSA algorithm with a 256-bit key. This allows us to introspect, service, and operate Frankli without programmers and administrators being inadvertently exposed to private data during the course of their work.

Communication

All user data is transported securely, as all traffic is encrypted in transit via SSL. We use 256-bit SSL/TLS 1.2 encryption, utilising both the ECDSA and RSA algorithms.

HTTP strict transport security

Our application forces all requests over HTTPS, ensuring all traffic is secured in transit and protecting against protocol downgrade attacks.

Security headers

Our application uses a series of security headers, including X-Frame-Options, X-XSS-Protection and Content-Security-Policy, to mitigate a wide range of common security issues.
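The two sections above describe the HTTPS enforcement and response headers the application relies on. The following is an added example, not Frankli's own code or configuration: a small audit function that inspects a response's headers and reports where the HSTS, X-Frame-Options and Content-Security-Policy settings are missing or weaker than a defender would want. The header values in SAMPLE_GOOD and SAMPLE_WEAK are constructed for illustration and are assumptions, not values observed from the Frankli application.

```python
"""Audit HTTP security headers (added example; not Frankli's code)."""
import re
from typing import Dict, List, Optional

# Constructed sample header sets: one hardened, one with common weaknesses.
SAMPLE_GOOD: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}
SAMPLE_WEAK: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=600",
    "X-Frame-Options": "ALLOWALL",
    "Content-Security-Policy": "default-src *; script-src 'unsafe-inline'",
}

MIN_HSTS_MAX_AGE = 31536000  # one year, the usual minimum for preload eligibility


def _lookup(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_hsts(headers: Dict[str, str]) -> List[str]:
    """HSTS must be present, long-lived, and cover subdomains to block downgrades."""
    value = _lookup(headers, "Strict-Transport-Security")
    if value is None:
        return ["HSTS header missing: browsers may still follow plain-HTTP downgrades"]
    findings = []
    match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    if not match:
        findings.append("HSTS max-age directive missing")
    elif int(match.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {match.group(1)} is shorter than one year")
    if "includesubdomains" not in value.lower():
        findings.append("HSTS does not include subdomains")
    return findings


def check_frame_options(headers: Dict[str, str]) -> List[str]:
    """X-Frame-Options only mitigates clickjacking with DENY or SAMEORIGIN."""
    value = _lookup(headers, "X-Frame-Options")
    if value is None:
        return ["X-Frame-Options missing: page may be framed by other sites"]
    if value.strip().upper() not in ("DENY", "SAMEORIGIN"):
        return [f"X-Frame-Options value {value!r} is not DENY or SAMEORIGIN"]
    return []


def check_csp(headers: Dict[str, str]) -> List[str]:
    """Parse the CSP into directives and flag the two most common weakenings."""
    value = _lookup(headers, "Content-Security-Policy")
    if value is None:
        return ["Content-Security-Policy missing"]
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    findings = []
    if "default-src" not in directives:
        findings.append("CSP has no default-src fallback")
    elif "*" in directives["default-src"]:
        findings.append("CSP default-src allows any origin")
    for directive in ("script-src", "default-src"):
        if "'unsafe-inline'" in directives.get(directive, []):
            findings.append(f"CSP {directive} permits 'unsafe-inline'")
    return findings


def audit(headers: Dict[str, str]) -> List[str]:
    """Return all findings for a response; an empty list means the checks passed."""
    return check_hsts(headers) + check_frame_options(headers) + check_csp(headers)


if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(f"{label}: {audit(sample) or 'no findings'}")
```

Running the module prints no findings for the hardened set and five for the weak one (short HSTS lifetime, no subdomain coverage, a non-restrictive X-Frame-Options value, a wildcard default-src and inline scripts). The same functions can be pointed at the headers of a live response to confirm that a deployment actually sends what its security page claims.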

Penetration testing

We partner with world-leading security providers to perform regular security penetration testing of our systems and platform.

Data breach disclosure

In the event of a data breach involving personal data, we follow a dedicated policy and procedure. As part of this, we will promptly report directly to the people (data subjects) involved.

Processing of Company Personal Data

Frankli will comply with all applicable Data Protection Laws in the Processing of Company Personal Data and not Process Company Personal Data other than on the relevant Company’s documented instructions.

3rd party Sub-Processors

Our sub-processors are leaders in their space and have security as a top priority. You can find the list of our sub-processors on our Privacy Policy page.

GDPR Compliance

Frankli is committed to compliance with the General Data Protection Regulation and to meeting our legal obligations by helping our customers become compliant.

Credit cards

Frankli never stores any credit card information. We have partnered with Stripe for credit card processing in the App, which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available in the payments industry.

We also offer an alternative, secure payment option: EFT bank transfer.

Limited Employee Access

Only those who need access to investigate, improve or operate the system have access. We ensure there are several layers of controls that individuals must pass through to access customer data, following detailed policies.

All of our staff undergo regular security awareness training and must complete detailed policy reviews and acceptance as part of this training.

Data backups

We run automated backups of our databases every night to ensure your data stays safe and highly available.

Log collection

We collect detailed logs to ensure we have a high-resolution trail of the actions performed across the platform, available for incident investigation if required.

Software updates

We have partnered with a dedicated IT solutions provider to supply automated systems that monitor the versions and vulnerabilities of all the software that powers Frankli. Our infrastructure is continuously scanned and updated to the latest and most secure software versions, following our dedicated policies.

Automated tests

We run an extensive suite of automated tests after each code change and as part of every build to verify the correctness of Frankli features, including authentication and the permission system.

Reporting security issues

If you believe you have discovered a vulnerability in our product or have a security incident to report, please contact hello@frankli.io.

By reporting a suspected issue, you agree not to publicly disclose your findings or the contents of your submission to any third party without Frankli's prior written approval. Detailed, high-quality reporting is essential to Frankli, and you must include a working Proof of Concept.