Fantesty
SECURITY & TRUST

Security is a feature.
Not a checkbox.

Fantesty is built by engineers who came from payments, healthcare, and infra. Every layer is designed for the auditor in your inbox.

SOC 2 Type II · audited 2026
ISO 27001 · certified 2025
GDPR · compliant · EU + UK
HIPAA · BAA available on Scale
CCPA · compliant + DPA on file

Defense in depth.

Data protection
  • AES-256 at rest, TLS 1.3 in transit
  • Per-workspace KMS keys (Scale)
  • EU + US data residency
  • Customer-managed retention windows
  • PII redaction in run logs
Network & infra
  • Hosted on AWS in 18 regions
  • VPC isolation per tenant
  • DDoS mitigation via Cloudflare
  • Pen-tested quarterly
  • 24/7 SOC monitoring
Access & identity
  • SAML SSO (Okta, Auth0, Azure AD)
  • SCIM provisioning
  • Role-based + attribute-based access
  • Mandatory MFA on all paid plans
  • Audit logs streamed to your SIEM
AI safety
  • Your data never trains foundation models
  • Run-scoped vector stores
  • PII redaction before inference
  • Configurable model providers (OpenAI/Anthropic/self-host)
  • Per-call audit trail
Application security
  • SAST + DAST in CI
  • Dependency scanning (Snyk)
  • Secrets vault (HashiCorp Vault)
  • Bug bounty program (HackerOne)
  • Coordinated disclosure policy
Incident response
  • <15 min P1 acknowledgement
  • Customer-facing post-mortems
  • Status page with RSS + webhook
  • Quarterly DR drills
  • RPO 5 min · RTO 30 min

TRUST CENTER

Everything your auditor wants, in one place.

Reports, certifications, sub-processor list, and security questionnaires. NDA-gated for Team, open for Scale.

Open trust center

  • SOC 2 Type II report: Audited Jan 2026 · NDA required
  • ISO 27001 certificate: Issued Mar 2025
  • Penetration test summary: Q1 2026 · external
  • Sub-processor list: 12 providers · last updated Apr 2026
  • DPA + GDPR addendum: sign electronically
  • Security questionnaire (CAIQ): pre-filled, downloadable
  • Bug bounty policy: via HackerOne

RESPONSIBLE DISCLOSURE

Found something? Tell us.

Email security@fantesty.io (PGP key on /security/pgp). We acknowledge within 24 hours, triage within 72, and pay bounties up to $25,000 via HackerOne.