Trust by design.
Security is a product feature at Fanfusion Hub, not a procurement artifact. Isolation, approvals, audit, and encryption ship on every squad from day one.
Six controls that change the risk profile.
Tenant isolation (RLS)
Postgres row-level security policies scope every query to the current organization. No accidental leaks between tenants — the database itself rejects mismatched reads.
Human-in-the-loop approvals
Sensitive actions route through an approval queue. Operators see the proposed action, the full context, and the policy verdict before green-lighting. Decisions are signed and logged.
Immutable audit trail
Every decision and action appends to an HMAC-chained audit log. Tampering is detectable by design; export is one click for post-mortems or compliance.
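As an added illustration of how an HMAC-chained audit log makes tampering detectable (this is example code, not Fanfusion Hub's implementation; the key, record fields and actor names are constructed for the demo), each record's MAC covers its own fields plus the previous record's MAC, so editing, reordering or dropping a record breaks every link after it:

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real deployment would load this from the secrets vault.
DEMO_KEY = b"demo-audit-key-not-for-production"
GENESIS = "0" * 64   # prev_mac of the very first record


def _mac(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding (sorted keys, no whitespace)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def append_event(log: list, key: bytes, actor: str, action: str, verdict: str) -> dict:
    """Append one record; its MAC covers its own fields and the previous record's MAC."""
    body = {
        "seq": len(log),
        "actor": actor,
        "action": action,
        "verdict": verdict,
        "prev_mac": log[-1]["mac"] if log else GENESIS,
    }
    record = dict(body, mac=_mac(key, body))
    log.append(record)
    return record


def verify_chain(log: list, key: bytes) -> Optional[int]:
    """Return the index of the first record that fails, or None if the chain is intact."""
    expected_prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev_mac") != expected_prev:
            return i                      # reordered, dropped or inserted record
        if not hmac.compare_digest(_mac(key, body), rec.get("mac", "")):
            return i                      # field edited or MAC forged
        expected_prev = rec["mac"]
    return None


def demo_chain() -> tuple:
    """Build a three-record chain, then show which manipulations verification catches."""
    log: list = []
    append_event(log, DEMO_KEY, "agent:squad-7", "send_message", "allow")
    append_event(log, DEMO_KEY, "operator:alice", "approve", "allow")
    append_event(log, DEMO_KEY, "agent:squad-7", "issue_refund", "deny")

    clean = verify_chain(log, DEMO_KEY)                 # None: intact
    edited = [dict(r) for r in log]
    edited[1]["verdict"] = "deny"                       # flip a recorded decision
    dropped = log[:1] + log[2:]                         # remove the middle record
    truncated = log[:2]                                 # cut off the newest record
    return (clean,
            verify_chain(edited, DEMO_KEY),             # 1
            verify_chain(dropped, DEMO_KEY),            # 1
            verify_chain(truncated, DEMO_KEY))          # None: see note below
```

The last case is the caveat worth knowing: a chain alone cannot tell that the newest records were deleted, because a shortened log still verifies. The usual fix is to anchor the head MAC somewhere the writer cannot rewrite (an append-only store, a periodically published checkpoint, or the one-click export itself), so an exporter can check that the current head descends from the last anchored one.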
Encryption at rest
Managed Postgres with AES-256 at rest. Object storage with server-side encryption. Secrets stored in a dedicated vault, rotated on schedule, and never kept in the application DB.
Safe-launch mode
New squads default to sandbox. Synthetic data, simulated channels, staged approvals — promoted to production only when KPIs hit acceptance thresholds.
Kill-switch & auto-pause
Manual kill-switch halts outbound at squad or org level. Auto-pause triggers on deny-rate or error-rate spikes. Every trigger emits a fresh audit event.
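To show what a deny-rate auto-pause looks like as a mechanism, here is an added example (not Fanfusion Hub's own code; the window, thresholds and squad name are assumptions): a sliding-window monitor that pauses a squad once the deny or error rate over the window crosses a threshold, returning the audit event for the trigger. The minimum-sample guard stops a handful of early denials from pausing a squad that has barely started.

```python
from collections import deque
from typing import Optional


class AutoPause:
    """Sliding-window deny-rate / error-rate monitor for one squad.

    Outcomes are "allow", "deny" or "error". When either rate over the window
    crosses its threshold (and enough samples exist to be meaningful), the squad
    is paused and an audit event describing the trigger is returned.
    """

    def __init__(self, squad: str, window_s: int = 300, min_samples: int = 20,
                 deny_threshold: float = 0.5, error_threshold: float = 0.2):
        self.squad = squad
        self.window_s = window_s
        self.min_samples = min_samples
        self.deny_threshold = deny_threshold
        self.error_threshold = error_threshold
        self.events: deque = deque()   # (timestamp, outcome), oldest first
        self.paused = False
        self.audit: list = []          # audit events emitted by this monitor

    def _evict(self, now: float) -> None:
        """Drop outcomes that have aged out of the window."""
        while self.events and self.events[0][0] <= now - self.window_s:
            self.events.popleft()

    def record(self, ts: float, outcome: str) -> Optional[dict]:
        """Record one policy outcome; return an audit event if this one trips the pause."""
        if outcome not in ("allow", "deny", "error"):
            raise ValueError(f"unknown outcome: {outcome}")
        self.events.append((ts, outcome))
        self._evict(ts)
        if self.paused or len(self.events) < self.min_samples:
            return None
        n = len(self.events)
        deny_rate = sum(1 for _, o in self.events if o == "deny") / n
        error_rate = sum(1 for _, o in self.events if o == "error") / n
        if deny_rate >= self.deny_threshold:
            reason = "deny_rate_spike"
        elif error_rate >= self.error_threshold:
            reason = "error_rate_spike"
        else:
            return None
        self.paused = True
        event = {"event": "auto_pause", "squad": self.squad, "reason": reason,
                 "deny_rate": round(deny_rate, 3), "error_rate": round(error_rate, 3),
                 "samples": n, "ts": ts}
        self.audit.append(event)
        return event

    def resume(self, ts: float, operator: str) -> dict:
        """Operator resume; the window restarts so stale denials cannot re-trip it at once."""
        self.paused = False
        self.events.clear()
        event = {"event": "resume", "squad": self.squad, "operator": operator, "ts": ts}
        self.audit.append(event)
        return event


def demo_auto_pause() -> Optional[dict]:
    """Thirty allows followed by a run of denies; returns the event that paused the squad."""
    mon = AutoPause("squad-7")
    for t in range(30):
        mon.record(t, "allow")
    fired = None
    for t in range(30, 70):
        ev = mon.record(t, "deny")
        if ev is not None and fired is None:
            fired = ev
    return fired
```

In the demo the pause fires at the thirtieth consecutive deny (30 of 60 outcomes in the window, a 0.5 deny rate), and every later outcome is recorded but returns no new event until an operator resumes the squad.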
What happens to your data — in one place.
Transparency beats marketing. Here is the exact path data takes once your agent starts handling a conversation.
- Inbound message lands at the channel webhook with signature verified
- Redaction pass scrubs PII patterns before the LLM call
- Retrieval pulls only from your org-scoped knowledge base (RLS-enforced)
- Policy engine evaluates the proposed action; verdict is logged
- If gated, the action enters the approval queue; if allowed, it sends
- Delivery receipts and any customer response are reconciled and audited
- Backups run nightly (Postgres + object storage) with restore drills tested
Ship like it's production — because it is.
Observability
Structured logs, distributed request IDs, and integrations with Sentry for errors. Every request is traceable end-to-end across API, worker, and channel adapters.
Incident response
One-click incident export produces a bundle (incident.json + timeline + audit trail + related runbooks) that accelerates post-mortems and customer disclosures.
Rate limiting & abuse
Per-tenant, per-endpoint, per-IP rate limits. Abuse patterns trigger auto-pause and alert rules. Cloudflare hardening guide available for WAF + bot management.
What we will and won't claim.
We prefer plain-language honesty over compliance theater. We're not SOC 2 / ISO 27001 certified today. Our controls are designed to align with those frameworks and our controls matrix is available under NDA.
Security questions we get.
Are you SOC 2 or ISO 27001 certified?
We are not certified today. Our controls are designed to align with SOC 2 and ISO 27001 principles (access control, audit, encryption, incident response, change management). We can share our controls matrix under NDA.
Where is data stored and processed?
Production data lives in a managed Postgres with encryption at rest. Object storage uses S3-compatible providers with server-side encryption. Regional storage preferences (EU/US) are available on enterprise plans.
How is tenant data isolated?
By Postgres row-level security policies scoped to the current organization. Every session sets the org context; every table enforces it. Isolation is enforced at the database layer, not just the API.
How do you handle PII?
A redaction layer scrubs emails, phone numbers, and card-like strings before LLM calls unless explicitly allowed. Customer identifiers are kept in structured columns, not prompts.
What happens if something goes wrong?
Kill-switch halts outbound actions. Auto-pause rules disable squads on anomaly spikes. Incident export bundles (incident.json + timeline + audit trail + runbooks) are generated for post-mortem or compliance review.
Can you sign a DPA?
Yes. A GDPR-aligned Data Processing Addendum is available on request. For EU customers, we also sign Standard Contractual Clauses when applicable.
Need the full controls matrix?
We'll share our security documentation under a mutual NDA. For procurement questions or vendor reviews, contact the team directly.
For responsible disclosure of vulnerabilities, email security@fanfusionhub.com. We respond within two business days and credit reporters when requested.