Your security is
our foundation
From encryption to access controls, see how FunctionFly protects your data and how to report vulnerabilities responsibly.
Encryption
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. The zero-knowledge vault extends this to client-side encryption.
Access controls
Role-based access control, multi-factor authentication for admins, and least-privilege principles across all systems.
Monitoring
24/7 security monitoring, intrusion detection, automated threat response, and SIEM integration for enterprise deployments.
Security measures
Encryption at rest
- ✓AES-256 encryption for all stored data
- ✓Transparent database encryption
- ✓Encrypted backups with separate key management
Encryption in transit
- ✓TLS 1.3 for all connections
- ✓Certificate pinning for API endpoints
- ✓Perfect forward secrecy enabled
Zero-knowledge vault
- ✓Client-side encryption of secrets
- ✓Platform never sees plaintext
- ✓You control who can decrypt
Access management
- ✓Role-based access control (RBAC)
- ✓Multi-factor authentication (MFA)
- ✓Session management with timeout
Network security
- ✓VPC isolation for production
- ✓Cloudflare DDoS protection
- ✓Firewall rules and segmentation
Compliance
- ✓SOC 2 Type II certified
- ✓GDPR and CCPA compliant
- ✓COPPA compliant
Responsible disclosure
We are committed to working with the security community to verify, reproduce, and respond to security vulnerabilities in a timely manner.
How to report
Please email security@functionfly.com with details about the vulnerability. Include enough information to reproduce the issue — a proof of concept is helpful but not required.
What we commit to
- ✓Acknowledgment within 24 hours
- ✓Regular updates on remediation progress
- ✓Public credit in our hall of fame (with your permission)
Scope
In-scope: production systems, the FunctionFly API, dashboard, and documented public integrations. Out of scope: social engineering, physical security, denial of service attacks against our infrastructure.
Have a security concern?
For vulnerabilities or security incidents, email us immediately.