Data Encryption

Protecting the confidentiality and integrity of your data is a fundamental aspect of our Platform. We employ a multi-layered strategy that combines strong encryption, secure data handling practices, and granular controls to ensure your information remains safe at every stage of its lifecycle.

Encryption In Transit and At Rest

All data moving through the Frends Platform is secured using robust encryption protocols. The platform is accessible only over HTTPS, which encrypts traffic and protects it from interception. For communications with other systems, we support secure protocols like SFTP. When using an on-premises agent, all communication with the Frends Cloud is encrypted using TLS 1.2.

Furthermore, all information stored within the Frends Platform is encrypted at rest. We utilize strong encryption algorithms, such as AES-256, to protect your data while it is stored in our databases, ensuring it is unreadable to unauthorized parties.

Secure Key Management

The security of encrypted data relies on the secure management of encryption keys. Frends leverages Microsoft Azure Key Vault services for this critical function. All data is encrypted with multiple keys managed by this service, which follows industry best practices for key management and security. This approach ensures that the keys themselves are highly protected and managed according to rigorous standards.

Data Masking and Secret Management

For an additional layer of security, Frends provides the ability to mask sensitive data within your Processes. When a Task is masked, its input and output are not shown in the Process Instance view and are not stored permanently. This data is only held transiently in memory during processing, preventing sensitive information from being logged.

Sensitive configuration values, such as passwords or API keys, can be stored as secret Environment Variables. These variables are securely encrypted in the Frends database using AES-256. Once a variable is marked as a secret, its value is hidden in the user interface and cannot be viewed again, ensuring it remains protected at all times.

Data Retention and Control

Frends stores monitoring data from Process executions for a limited time to provide visibility and assist with debugging. The maximum retention period is configurable and does not exceed 60 days. For Processes handling highly sensitive information, you can configure zero retention policy on a per-Process basis. In this case, data is only held temporarily in memory and is not stored after the Process completes.

You also have the capability to download all monitoring data through secure HTTPS endpoints. This allows you to manage long-term storage and archiving according to your own organizational policies and compliance requirements.