Protecting What Matters the Most Your Security, Our Priority.
Security is the cornerstone of Freya, far more than just a feature, but a foundation. Our commitment to protecting the privacy and integrity of our customers' files and data is unwavering. Our security program, aligned with leading industry standards including SOC 2, ISO 27001, and GDPR, is crafted to offer enterprise-grade protection. This ensures that your team can gather insights securely and operate with utmost confidence.
Behind the Scenes of Freya's Security Stack:
Freya is powered by a meticulously configured AWS environment, ensuring security, scalability, and compliance with cloud-native best practices. Our commitment to using only certified cloud infrastructure guarantees top-tier protection for your data:
Quality Assurance: ISO 9001:2015 certification ensures consistent operational quality.
Information Security: Adhering to ISO/IEC 27017:2015, we implement stringent security controls for cloud services.
Privacy Protection: In line with ISO/IEC 27018:2019, we rigorously safeguard personally identifiable information (PII) in the cloud.
Reliability and Trust: SOC 2 Type II certification reflects our dedication to superior security and data management standards.
Your data's security while it resides in our systems is non-negotiable. We employ advanced encryption methodologies to protect your data at rest. Using AWS Key Management Service (KMS) with Customer Managed Keys, we implement 256-bit AES-GCM encryption. This top-of-class encryption ensures that your data is inaccessible to unauthorized entities, providing a secure layer that keeps your information confidential and intact.
As your data travels across the internet, it remains under our vigilant protection. We utilize the latest in secure transmission technologies, employing the TLS 1.2 protocol to encrypt data in transit. This protocol ensures that any data moving between our servers and your browser is encrypted and secure from interception or unauthorized access.
To safeguard access to our systems, Freya employs Single Sign-On (SSO) integration via the SAML protocol. We emphasize the importance of multi-factor authentication, ensuring that only authorized personnel can access sensitive information.
Our security practices are aligned with the OWASP guidelines for secure coding and application security. We implement the principle of least privilege, limiting access to our tech teams and empowering administrators with only the necessary privileges. Our infrastructure includes a Web Application Firewall (WAF) to monitor and protect web traffic.
At Freya, we implement a least privilege policy, limiting access rights to only what's necessary for specific tasks. This minimizes security risks and aligns with our privacy-first ethos, enhancing system security and preventing unauthorized access.
Freya's digital environment is safeguarded by a Web Application Firewall (WAF), which filters and monitors all incoming HTTP traffic. This crucial layer of defense fortifies our platform against a wide spectrum of cyber threats, maintaining system integrity.
Our Business Continuity and Disaster Recovery (BCP/DR) strategies are comprehensive. We leverage the AWS Backup Service for encrypted data backups, ensuring that your data is replicated and stored securely across various AWS accounts and regions.
We maintain a vigilant eye on our infrastructure's performance and security. Specialized tools are employed for continuous monitoring, enabling us to respond swiftly to any potential threats.
Your Data's Journey: Secured at Every Point, Always Protected
As part of Freya technology stack (i.e., architecture, engineering, and operations), the privacy and security programs are informed by industry best practices on:
- Privacy by Design
- Security by Design
Privacy by Design: A Core Principle
Our commitment to privacy is embedded in every aspect of our technology and operations. The 'privacy by design' principle guides our product development and system architecture, ensuring that data protection is not an afterthought but a foundational element.
Security by Design: Integral to Our Innovation
Freya, 'security by design' is not just a concept; it's an integral part of our DNA. This principle ensures that security is embedded in every aspect of our technology stack – from architecture and engineering to daily operations.
In entrusting us with your data, you place immense faith in our capabilities. We honor this trust by implementing and continuously updating our security measures, ensuring that your data is always protected, whether at rest or in flight. Our team of experts diligently oversees our security frameworks, making sure that your data is safe, secure, and accessible only to you.
You Got Questions? Uncover In-Depth Insights into Our Security & Privacy
Is Freya GxP compliant?
Yes, Freya ensures GxP conformance across all products & services, supported by a well-implemented quality system. Our commitment includes adherence to Regulatory norms, validated requirements, and continuous quality monitoring of processes, procedures, people, and premises. Our compliance approach encompasses best practices from GAMP® 5, guidance from ITILv4, and ISO 9001 guidelines, covering the complete SDLC and release processes.
Will Freya be trained on my Data?
No, Freya is not trained using user data. We prioritize the privacy and security of your data, ensuring that all information, including queries, remains confidential and is used solely to provide the requested service. Our robust data security and compliance measures are designed to protect your data at all times.
What is Freya’s Data Retention Policy?
Freya adheres to strict data security and privacy policies. User query interactions are securely retained for 30 days solely for the purpose of identifying any misuse. Please be assured that no user data is used for training Freya or any other purpose.
Is Freya Audited by a 3rd Party Security Vendor?
Yes, Freya undergoes regular audits conducted by reputable 3rd party security vendors to identify and address vulnerabilities. These audits are part of our commitment to maintaining the highest standards of security
Can I Access Freya’s Security Audit Report?
While we value transparency, the details of our security audits are confidential and involve proprietary information about our technology stack. Hence, we cannot publicly share the audit reports. If you have specific questions or concerns, we encourage you to contact us at compliance@freysolutions.com for more information.
