Security at Frankli
Last updated: 21st of July 2022.
At Frankli, we are committed to offering world-class data protection standards to ensure your data is safe and your compliance requirements are met.
Our mission at Frankli is to be the go-to, people-centric Performance OS for high-performing start-ups and scale-ups everywhere. A place where you can store all your people and team's performance data, accelerate people operations and track company and team growth. This mission can’t be fulfilled without us implementing strict technical measures and following the highest security standards to build trust with our customers.
Here you’ll find information on how we approach security, and if you have additional questions, feel free to get in touch at hello@frankli.io.
Data centre security
We have partnered with AWS as our dedicated hosting environment. Our data centre provider AWS Cloud Platform supports more security standards and compliance certifications than any other offering, including ISO 27001 compliance, PCI certification, and SOC. Our hosting environment is also fully redundant with disaster recovery procedures.
Please visit the AWS Cloud Platform security site for more information about their certification and compliance.
EU hosted infrastructure
Frankli's infrastructure is hosted on servers in the European Union. This allows us to meet regulatory and compliance requirements. Our data centre provider AWS Cloud Platform supports more security standards and certifications than any other offering, including SOC 1, SOC 2, SOC 3, and ISO 27001. All data is encrypted both in transit and at rest using the industry-standard AES-256 encryption algorithm.
Multi-layer encryption
In addition to the industry-standard in-transit and at-rest data encryption (AES256), we utilise at-work encryption using the RSA algorithm with a 256-bit key. This allows us to introspect, service, and operate Frankli without having programmers and administrators inadvertently exposed to private data during the course of their work.
Communication
All user data is transported securely, as all traffic is encrypted in transit via SSL. We use 256-bit SSL/TLS 1.2 encryption, utilising both the ECDSA and RSA algorithms.
HTTP strict transport security
Our application forces all requests over HTTPS, which ensures all traffic is secured in transit and protects against protocol downgrade attacks.
Security headers
Our application uses a series of security headers, including X-Frame-Options, X-XSS-Protection and Content-Security-Policy, to mitigate a wide range of common security issues.
Penetration testing
We partner with world-leading security providers to perform regular security penetration testing of our systems and platform.
Data breach disclosure
In the event of a data breach involving personal data, we have a dedicated policy and procedure that we follow. As part of this, we will promptly report directly to the people (data subjects) involved.
Processing of Company Personal Data
Frankli will comply with all applicable Data Protection Laws in the Processing of Company Personal Data and not Process Company Personal Data other than on the relevant Company’s documented instructions.
3rd party Sub-Processors
Our sub-processors are leaders in their space and have security as a top priority. You can find the list of our sub-processors on our Privacy Policy page.
GDPR Compliance
Frankli is committed to compliance with the General Data Protection Regulation and meeting our legal obligation by helping our customers become compliant.
Credit cards
Frankli never stores any credit card information. We have partnered with Stripe for credit card processing in the App, which allows us to leverage AES256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of the credit card information. This is the most stringent level of certification available to the payments industry.
We also offer an alternative, secure payment option via EFT bank transfer.
Limited Employee Access
Only those who need access to investigate, improve or operate the system have access. We make sure there are several layers of controls that individuals must go through to access customer data, following detailed policies.
All of our staff undergo regular security awareness training and must complete detailed policy reviews and acceptance as part of this training.
Data backups
We run automated backups of our databases every night to ensure your data stays safe and highly available.
Log collection
We collect detailed logs to ensure we have a high-resolution trail of the actions performed across the platform, should an incident investigation be required.
Software updates
We have partnered with a dedicated IT solutions provider to provide us with automated systems that monitor the versions and vulnerabilities of all the software that powers Frankli. Our infrastructure is continuously scanned and updated to the latest and most secure software versions, following our dedicated policies.
Automated tests
We run an extensive suite of automated tests after each code change and as part of every build to verify the correctness of Frankli features, including authentication and the permission system.
Reporting security issues
If you believe you have discovered a vulnerability in our product or have a security incident to report, please contact hello@frankli.io.
By reporting a suspected issue, you agree to not publicly disclose your findings or the contents of your submission to any third parties without Frankli's prior written approval. Detailed and quality reporting is essential to Frankli, and you must include a working Proof of Concept.