Your Data Security is Our Priority

All data is encrypted both in transit and at rest using industry-standard protocols.

• Encryption at rest: AES-256 encryption for all stored data
• Encryption in transit: TLS 1.3 for all data transfers
• Key management: Hardware security modules (HSMs) for encryption key storage
• Database encryption: Transparent data encryption (TDE) on all database instances

Fload is actively pursuing SOC 2 Type II certification. Our security practices are designed to meet and exceed the Trust Services Criteria for security, availability, and confidentiality.

• Security policies and procedures aligned with SOC 2 requirements
• Continuous monitoring and logging of all system access
• Regular third-party security assessments and penetration testing
• Incident response plan with defined escalation procedures

We retain your data only as long as necessary to provide our services and comply with legal obligations.

• Active account data: Retained for the duration of your subscription
• Analytics data: Historical data retained per your plan settings
• Post-cancellation: Data deleted within 30 days of account closure upon request
• Backups: Encrypted backups retained for 90 days for disaster recovery
• Audit logs: Access and activity logs retained for 1 year

Fload implements strict access controls to ensure only authorized users can access your data.

• Role-based access control (RBAC): Granular permissions for team members
• Multi-factor authentication (MFA): Required for all account access
• SSO support: Enterprise single sign-on via SAML 2.0 and OAuth 2.0
• Session management: Automatic session timeout and device tracking
• API key management: Scoped API keys with rotation policies

Fload is fully committed to GDPR compliance and protecting the rights of EU data subjects.

• Data processing agreements: Standard contractual clauses available for all customers
• Right to access: Export all your data at any time from your dashboard
• Right to erasure: Request complete data deletion at any time
• Data minimization: We only collect data necessary to provide our services
• Privacy by design: Data protection built into every feature from inception

Our infrastructure is hosted on leading cloud providers with enterprise-grade security controls.

• SOC 2 certified cloud infrastructure providers
• Network isolation with private VPCs and security groups
• DDoS protection and WAF (Web Application Firewall)
• Automated vulnerability scanning and patching
• 24/7 infrastructure monitoring and alerting

Have Security Questions?

Our team is ready to answer your security and compliance questions. Reach us at security@fload.com.