Enterprise-grade security
and compliance
FunctionFly is built with security-first principles. Our platform meets the most demanding compliance requirements for enterprise deployments.
SOC 2 Type II
Our security controls and practices are audited annually by independent third-party auditors to maintain SOC 2 Type II certification.
GDPR Compliant
We comply with the General Data Protection Regulation for EU users, including data subject rights, legal bases for processing, and international data transfers.
CCPA Compliant
California residents have rights to know what personal information is collected, opt-out of sale, and request deletion under the California Consumer Privacy Act.
Security architecture
Built from the ground up with security in mind.
Encryption
- Data in transit: TLS 1.3 for all connections
- Data at rest: AES-256 encryption
- Database encryption: Transparent data encryption
- Zero-knowledge vault: Client-side encryption
Access controls
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Regular access reviews
- Principle of least privilege
Security monitoring
- 24/7 security monitoring
- Regular security audits
- Automated threat detection
- SIEM integration
Breach response
- Incident response procedures
- 72-hour notification
- Comprehensive breach logs
- Post-incident reviews
Compliance certifications
SOC 2 Type II
Annual audit by independent third-party auditors covering security, availability, and confidentiality.
GDPR
Full compliance with EU General Data Protection Regulation including data subject rights and DPA agreements.
CCPA
California Consumer Privacy Act compliance with right to know, delete, and opt-out.
COPPA
Children's Online Privacy Protection Act compliant with age verification and parental consent procedures.
Data residency & transfers
Your data is stored and processed with appropriate safeguards.
Data transfer mechanisms
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Binding Corporate Rules
- Explicit consent
Data hosting locations
- United States — Primary
- European Union — GDPR-compliant
- Global edge — Cloudflare CDN
- Enterprise — Dedicated deployments
Enterprise features
Custom security requirements
- Private deployments in your cloud
- Customer-managed encryption keys (BYOK)
- Custom SLA with guaranteed uptime
- Dedicated infrastructure options
Enterprise support
- Dedicated customer success manager
- Priority support with response times
- Custom onboarding and training
- Security questionnaires support
Need a custom compliance solution?
Our team can work with you to meet specific security and compliance requirements.