Security Policy

Last updated: April 2026

Our Commitment to Security

FanVoice is committed to protecting the security and privacy of our customers and their data. We implement industry-standard security practices across our infrastructure, application, and operations.

Data Protection

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted using AES-256
  • Customer data is logically isolated between tenants
  • Access to customer data is restricted to authorized personnel only, on a need-to-know basis

Access Controls

  • Access to production systems requires multi-factor authentication (MFA)
  • Role-based access control (RBAC) is enforced across all internal systems and services
  • Access rights are reviewed periodically and revoked promptly upon role changes or offboarding
  • Production, staging, and development environments are fully isolated from one another

Application Security

  • Our development process includes security reviews and code analysis as part of the release cycle
  • We perform regular dependency and open-source library scans using automated tools to identify and remediate known vulnerabilities
  • Our applications are reviewed against common vulnerability classes including the OWASP Top 10
  • Security patches for critical and high-severity vulnerabilities are prioritized and deployed as soon as possible

Infrastructure Security

  • FanVoice infrastructure is hosted on reputable cloud providers with SOC 2 certified data centers
  • Network access to production systems is restricted via firewalls and private networking
  • System access and activity logs are retained and monitored for anomalous behavior
  • Regular backups are performed and recovery procedures are tested periodically

Vulnerability Management

  • We continuously monitor our systems and third-party dependencies for newly disclosed vulnerabilities
  • Identified vulnerabilities are triaged by severity and remediated within a timeframe proportional to risk
  • Critical vulnerabilities are treated as incidents and escalated immediately

Incident Response

In the event of a confirmed security incident affecting customer data:

  1. We will investigate and contain the incident promptly
  2. Affected customers will be notified within 72 hours of confirmation, in line with GDPR requirements
  3. We will provide updates on the scope, impact, and remediation steps taken
  4. A post-incident review will be conducted and corrective actions implemented

Responsible Disclosure

We welcome reports of security vulnerabilities from researchers and customers. If you discover a vulnerability in any FanVoice product or service:

  • Email us at support@fanvoice.com
  • Include a clear description of the vulnerability and steps to reproduce
  • We will acknowledge receipt within 2 business days
  • We ask that you allow us a reasonable opportunity to investigate and remediate before public disclosure

We are committed to working collaboratively with researchers and will not pursue legal action against those who report vulnerabilities in good faith.

Compliance and Privacy

  • FanVoice complies with applicable data protection laws including GDPR and CCPA
  • We maintain a Data Processing Agreement (DPA) available to enterprise customers upon request
  • For privacy-related inquiries, refer to our Privacy Policy at https://fanvoice.ai/privacy-policy

Third-Party Integrations and Marketplace Apps

FanVoice offers integrations with third-party platforms including Jira, Salesforce, and others. All integrations:

  • Use the minimum permissions necessary for their functionality
  • Do not transmit or store customer data beyond what is required for the integration to operate
  • Are subject to the same security standards described in this policy

Contact

For security questions, vulnerability reports, or to request a DPA:

support@fanvoice.com

← Back to Home