Security and privacy are integral parts of our core services.
We know that the security of your business and information is one of your top priorities.
Frontegg implements state-of-the-art security measures in order to secure your applications and your customers.
Frontegg runs on Azure infrastructure and relies on Azure’s strengthened data center security.
We keep all our systems up to date at all times in order to block any attempt to take advantage of known vulnerabilities.
Frontegg implements security measures on top of those provided by Azure in order to ensure that its security complies with the highest standards in the market.
Frontegg runs penetration tests on a quarterly basis in order to test its security and resilience to cyber attacks.
Frontegg encrypts all data both at rest and in motion so that no unauthorized third party can be exposed to the data that you enter into our services.
Availability and Integrity
Frontegg runs in multiple zones and regions in order to provide continuous service with minimum downtime.
Frontegg’s data is continuously backed up in order to allow fast and full recovery in case of data erasure or alteration.
Frontegg tests its backup and restore procedures on a regular basis in order to verify their effectiveness and to be prepared for any scenario.
Frontegg’s SLA policy is available upon request.
Frontegg has completed a SOC2 Type2 audit. The full report will be available upon request starting April 1st, 2021.
Frontegg’s controls were built with ISO 27001 in mind, and we plan to be ISO 27001:2013 certified by the end of Q2/2021.
Frontegg is in the process of assessing the compliance of its controls with GDPR requirements and expects to be fully compliant by the end of April 2021.
Standards and Policies
Frontegg employs strict security standards and measures throughout the entire organization. All employees and contractors complete the Frontegg security awareness and data handling training programs at least annually. All visitors to Frontegg offices are registered as such or accompanied by a Frontegg employee. Frontegg has an extensive employee policy to protect all the parties against exposure or damage. Processes are set in place to ensure that all employee devices comply with the security policy.
Frontegg is committed to protecting individuals’ right to data protection and privacy.
Frontegg is a global organization operating in the context of various data protection and information security frameworks. We are directly bound by the provisions of Israel's Protection of Privacy and Data Security Regulations, and our clients are subject to the EU General Data Protection Regulation and other national data protection laws. We support our clients in compliance with the California Consumer Privacy Act of 2018, GDPR and other national legislation by implementing the requirements of these legal frameworks in our products and operations.
In relationships with clients, Frontegg usually acts as a data processor for any personal data clients provide to us (e.g. user data in hosted products). If you are using our products, you are a controller of data stored within these products.
General Data Protection Regulation (GDPR)
Frontegg supports customers in achieving compliance with the GDPR. Among other things, we offer our clients a Data Processing Addendum (DPA) to comply with Article 28 of the GDPR.
View DPA in English
Frontegg uses only service providers that guarantee a high level of data protection and security.
Frontegg signs DPAs (data processing agreements) with all third-party providers processing data on our behalf. These agreements mirror the terms of Frontegg’s customer-facing data protection agreement and, if necessary, include the standard contractual clauses (SCCs).
View the list of Frontegg subprocessors.
EU customers’ data are always held on servers located in the European Union. Israel is the only non-EEA country that may be a destination of our data transfers due to the fact that Frontegg is based there. Israel is considered a country with adequate data protection standards (Commission Decision of 31 January 2011).
Support in handling data protection rights requests
Frontegg products have built-in support for handling GDPR requests such as data erasure, data rectification and data access requests. We are committed to providing support to our customers in case of other data protection related requests.
Privacy by Design
We take privacy requirements into account at all stages of our products’ development. We are continuously improving our practices and development standards to meet the GDPR requirements of Privacy by Design.