Freemi handles conversations and operations on behalf of your business. We take that responsibility seriously. Here's how we protect your data.
All traffic uses TLS 1.2+. Data stored in Firebase / Google Cloud is encrypted at rest by default.
Only authorised engineers can access production. Access is logged and reviewed. No shared credentials.
API keys and credentials live in a secrets manager. never in code or logs. Rotated on a regular cadence.
Every agent action and sensitive operation is logged. You see the full trail in your dashboard.
We notify affected customers within 72 hours of a confirmed data incident, with remediation steps.
Your customer conversations are never used to train foundation models. Full stop.
We're working toward SOC 2 Type II and GDPR readiness. Current practices align with industry standards for SaaS data handling. If you need our SOC 2 report, DPA, or subprocessor list, contact us.
Freemi runs on Google Cloud (Firebase) with multi-region failover. Agent compute runs on Fly.io with per-tenant isolation. All inter-service traffic is encrypted and authenticated.
If you think you've found a security issue, email security@freemi.ai. We aim to acknowledge within 24 hours and triage within 72.
This page summarises our current security posture. For audit evidence, penetration test reports, or detailed architecture diagrams, contact us.