Last updated: April 25, 2026

Security

SOC 2 Type II

In progress

GDPR Compliant

Certified

ISO 27001

In progress

1. Infrastructure

Fixvis runs on cloud infrastructure with enterprise-grade security:

  • Cloud provider: AWS with SOC 2 Type II certified data centers
  • Geographic isolation: Data stored in EU or US regions based on customer location
  • Redundancy: Multi-region backups with 99.9% uptime SLA
  • Network isolation: Private networks, firewalls, and DDoS protection
  • Monitoring: 24/7 infrastructure monitoring with automated alerts

2. Data Security

  • Encryption in transit: All data transmitted to/from Fixvis is encrypted using TLS 1.3
  • Encryption at rest: All data is encrypted using AES-256
  • Key management: Encryption keys managed with AWS KMS with automatic rotation
  • Database security: Encrypted databases with access logging and audit trails
  • Backup encryption: All backups are encrypted and stored separately from production data

3. Access Control

  • Principle of least privilege: Employees have access only to systems required for their role
  • Role-based access: Clear role definitions with documented access levels
  • MFA required: Multi-factor authentication required for all employee accounts
  • Access logging: All access to production systems is logged and monitored
  • Access reviews: Quarterly reviews of employee access rights
  • Employee training: Security awareness training required for all employees
  • Background checks: Background checks performed before employment

4. Compliance

Fixvis maintains the following compliance certifications and standards:

  • GDPR: Full compliance with EU General Data Protection Regulation
  • SOC 2 Type II: Undergoing certification (expected Q3 2026)
  • ISO 27001: Information security management certification in progress
  • PCI DSS: We do not store card data; Stripe handles all payment processing

5. Incident Response

Our incident response process includes:

  • Detection: Automated monitoring and alerting for security events
  • Containment: Immediate isolation of affected systems
  • Investigation: Root cause analysis by security team
  • Notification: 72-hour notification to affected users per GDPR requirements
  • Remediation: Steps to prevent future occurrences
  • Post-incident: Lessons learned and process improvements

6. Report a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

Security Bug Bounty

We offer a bug bounty program for responsible disclosure of security vulnerabilities. Rewards range from $100 to $2,000 depending on severity.

To report a vulnerability, email us at:

security@fixvis.ai

Please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information for follow-up

We commit to:

  • Acknowledging receipt within 24 hours
  • Providing an estimated timeline within 7 days
  • Not taking legal action against good-faith disclosure
  • Crediting researchers in our security acknowledgments (with permission)