Security Hub

Your security is
our foundation

From encryption to access controls, see how FunctionFly protects your data and how to report vulnerabilities responsibly.

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. The zero-knowledge vault extends this to client-side encryption.

Access controls

Role-based access control, multi-factor authentication for admins, and least-privilege principles across all systems.

Monitoring

24/7 security monitoring, intrusion detection, automated threat response, and SIEM integration for enterprise deployments.

Security measures

Encryption at rest

  • AES-256 encryption for all stored data
  • Transparent database encryption
  • Encrypted backups with separate key management

Encryption in transit

  • TLS 1.3 for all connections
  • Certificate pinning for API endpoints
  • Perfect forward secrecy enabled

Zero-knowledge vault

  • Client-side encryption of secrets
  • Platform never sees plaintext
  • You control who can decrypt

Access management

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Session management with timeout

Network security

  • VPC isolation for production
  • Cloudflare DDoS protection
  • Firewall rules and segmentation

Compliance

  • SOC 2 Type II certified
  • GDPR and CCPA compliant
  • COPPA compliant

Responsible disclosure

We are committed to working with the security community to verify, reproduce, and respond to security vulnerabilities in a timely manner.

How to report

Please email security@functionfly.com with details about the vulnerability. Include enough information to reproduce the issue — a proof of concept is helpful but not required.

What we commit to

  • Acknowledgment within 24 hours
  • Regular updates on remediation progress
  • Public credit in our hall of fame (with your permission)

Scope

In-scope: production systems, the FunctionFly API, dashboard, and documented public integrations. Out of scope: social engineering, physical security, denial of service attacks against our infrastructure.

Security resources

security.txt

Our RFC 9116 security contact and policy file

Trust Center

Verification, attestations, and compliance details

Privacy Policy

How we collect, use, and protect your data

Compliance

Enterprise security and compliance certifications

Have a security concern?

For vulnerabilities or security incidents, email us immediately.