SOC 2 Type II
In progress
GDPR Compliant
Certified
ISO 27001
In progress
1. Infrastructure
Fixvis runs on cloud infrastructure with enterprise-grade security:
- Cloud provider: AWS with SOC 2 Type II certified data centers
- Geographic isolation: Data stored in EU or US regions based on customer location
- Redundancy: Multi-region backups with 99.9% uptime SLA
- Network isolation: Private networks, firewalls, and DDoS protection
- Monitoring: 24/7 infrastructure monitoring with automated alerts
2. Data Security
- Encryption in transit: All data transmitted to/from Fixvis is encrypted using TLS 1.3
- Encryption at rest: All data is encrypted using AES-256
- Key management: Encryption keys managed with AWS KMS with automatic rotation
- Database security: Encrypted databases with access logging and audit trails
- Backup encryption: All backups are encrypted and stored separately from production data
3. Access Control
- Principle of least privilege: Employees have access only to systems required for their role
- Role-based access: Clear role definitions with documented access levels
- MFA required: Multi-factor authentication required for all employee accounts
- Access logging: All access to production systems is logged and monitored
- Access reviews: Quarterly reviews of employee access rights
- Employee training: Security awareness training required for all employees
- Background checks: Background checks performed before employment
4. Compliance
Fixvis maintains the following compliance certifications and standards:
- GDPR: Full compliance with EU General Data Protection Regulation
- SOC 2 Type II: Undergoing certification (expected Q3 2026)
- ISO 27001: Information security management certification in progress
- PCI DSS: We do not store card data; Stripe handles all payment processing
5. Incident Response
Our incident response process includes:
- Detection: Automated monitoring and alerting for security events
- Containment: Immediate isolation of affected systems
- Investigation: Root cause analysis by security team
- Notification: 72-hour notification to affected users per GDPR requirements
- Remediation: Steps to prevent future occurrences
- Post-incident: Lessons learned and process improvements
6. Report a Vulnerability
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:
Security Bug Bounty
We offer a bug bounty program for responsible disclosure of security vulnerabilities. Rewards range from $100 to $2,000 depending on severity.
To report a vulnerability, email us at:
security@fixvis.aiPlease include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Your contact information for follow-up
We commit to:
- Acknowledging receipt within 24 hours
- Providing an estimated timeline within 7 days
- Not taking legal action against good-faith disclosure
- Crediting researchers in our security acknowledgments (with permission)