Security is a feature.
Not a checkbox.
Fantesty is built by engineers who came from payments, healthcare, and infra. Every layer is designed for the auditor in your inbox.
- SOC 2 Type II: audited 2026
- ISO 27001: certified 2025
- GDPR: compliant, EU + UK
- HIPAA: BAA available on Scale
- CCPA: compliant + DPA on file
Defense in depth.
Data protection
- AES-256 at rest, TLS 1.3 in transit
- Per-workspace KMS keys (Scale)
- EU + US data residency
- Customer-managed retention windows
- PII redaction in run logs
Network & infra
- Hosted on AWS in 18 regions
- VPC isolation per tenant
- DDoS mitigation via Cloudflare
- Pen-tested quarterly
- 24/7 SOC monitoring
Access & identity
- SAML SSO (Okta, Auth0, Azure AD)
- SCIM provisioning
- Role-based + attribute-based access
- Mandatory MFA on all paid plans
- Audit logs streamed to your SIEM
AI safety
- Your data never trains foundation models
- Run-scoped vector stores
- PII redaction before inference
- Configurable model providers (OpenAI/Anthropic/self-host)
- Per-call audit trail
Application security
- SAST + DAST in CI
- Dependency scanning (Snyk)
- Secrets vault (HashiCorp Vault)
- Bug bounty program (HackerOne)
- Coordinated disclosure policy
Incident response
- <15 min P1 acknowledgement
- Customer-facing post-mortems
- Status page with RSS + webhook
- Quarterly DR drills
- RPO 5min · RTO 30min
TRUST CENTER
Everything your auditor wants, in one place.
Reports, certifications, sub-processor list, and security questionnaires. NDA-gated for Team, open for Scale.
Open trust center
- SOC 2 Type II report: Audited Jan 2026 · NDA required
- ISO 27001 certificate: Issued Mar 2025
- Penetration test summary: Q1 2026 · external
- Sub-processor list: 12 providers · last updated Apr 2026
- DPA + GDPR addendum: sign electronically
- Security questionnaire (CAIQ): pre-filled, downloadable
- Bug bounty policy: via HackerOne
RESPONSIBLE DISCLOSURE
Found something? Tell us.
Email security@fantesty.io (PGP key on /security/pgp). We acknowledge within 24 hours, triage within 72, and pay bounties up to $25,000 via HackerOne.