Security & Compliance

Enterprise-grade security
and compliance

FunctionFly is built with security-first principles. Our platform meets the most demanding compliance requirements for enterprise deployments.

SOC 2 Type II

Our security controls and practices are audited annually by independent third-party auditors to maintain SOC 2 Type II certification.

GDPR Compliant

We comply with the General Data Protection Regulation for EU users, including data subject rights, legal bases for processing, and international data transfers.

CCPA Compliant

California residents have rights to know what personal information is collected, opt-out of sale, and request deletion under the California Consumer Privacy Act.

Security architecture

Built from the ground up with security in mind.

Encryption

  • Data in transit: TLS 1.3 for all connections
  • Data at rest: AES-256 encryption
  • Database encryption: Transparent data encryption
  • Zero-knowledge vault: Client-side encryption

Access controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Regular access reviews
  • Principle of least privilege

Security monitoring

  • 24/7 security monitoring
  • Regular security audits
  • Automated threat detection
  • SIEM integration

Breach response

  • Incident response procedures
  • 72-hour notification
  • Comprehensive breach logs
  • Post-incident reviews

Compliance certifications

SOC 2 Type II

Annual audit by independent third-party auditors covering security, availability, and confidentiality.

GDPR

Full compliance with EU General Data Protection Regulation including data subject rights and DPA agreements.

CCPA

California Consumer Privacy Act compliance with right to know, delete, and opt-out.

COPPA

Children's Online Privacy Protection Act compliant with age verification and parental consent procedures.

Data residency & transfers

Your data is stored and processed with appropriate safeguards.

Data transfer mechanisms

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules
  • Explicit consent

Data hosting locations

  • United States — Primary
  • European Union — GDPR-compliant
  • Global edge — Cloudflare CDN
  • Enterprise — Dedicated deployments

Enterprise features

Custom security requirements

  • Private deployments in your cloud
  • Customer-managed encryption keys (BYOK)
  • Custom SLA with guaranteed uptime
  • Dedicated infrastructure options

Enterprise support

  • Dedicated customer success manager
  • Priority support with response times
  • Custom onboarding and training
  • Security questionnaires support

Need a custom compliance solution?

Our team can work with you to meet specific security and compliance requirements.