# Data Encryption Protecting the confidentiality and integrity of your data is a fundamental aspect of our Platform. We employ a multi-layered strategy that combines strong encryption, secure data handling practices, and granular controls to ensure your information remains safe at every stage of its lifecycle. ## Encryption In Transit and At Rest All data moving through the Frends Platform is secured using robust encryption protocols. The platform is accessible only over HTTPS, which encrypts traffic and protects it from interception. For communications with other systems, we support secure protocols like SFTP. When using an on-premises agent, all communication with the Frends Cloud is encrypted using TLS 1.2. Furthermore, all information stored within the Frends Platform is encrypted at rest. We utilize strong encryption algorithms, such as AES-256, to protect your data while it is stored in our databases, ensuring it is unreadable to unauthorized parties. ## Secure Key Management The security of encrypted data relies on the secure management of encryption keys. Frends leverages Microsoft Azure Key Vault services for this critical function. All data is encrypted with multiple keys managed by this service, which follows industry best practices for key management and security. This approach ensures that the keys themselves are highly protected and managed according to rigorous standards. ## Data Masking and Secret Management For an additional layer of security, Frends provides the ability to mask sensitive data within your Processes. When a Task is masked, its input and output are not shown in the Process Instance view and are not stored permanently. This data is only held transiently in memory during processing, preventing sensitive information from being logged. Sensitive configuration values, such as passwords or API keys, can be stored as secret Environment Variables. These variables are securely encrypted in the Frends database using AES-256. Once a variable is marked as a secret, its value is hidden in the user interface and cannot be viewed again, ensuring it remains protected at all times. ## Data Retention and Control Frends stores monitoring data from Process executions for a limited time to provide visibility and assist with debugging. The maximum retention period is configurable and does not exceed 60 days. For Processes handling highly sensitive information, you can configure zero retention policy on a per-Process basis. In this case, data is only held temporarily in memory and is not stored after the Process completes. You also have the capability to download all monitoring data through secure HTTPS endpoints. This allows you to manage long-term storage and archiving according to your own organizational policies and compliance requirements. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.frends.com/security/data-encryption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.