Skip to content

Security

FreshGeo is built for teams that take data security seriously.

Certifications

  • SOC 2 Type II — annual audit covering security, availability, and confidentiality.
  • GDPR / UK GDPR — DPA available on request for Enterprise customers.
  • ISO 27001 — alignment audit underway for 2026.

Encryption

  • TLS 1.2+ for all traffic (HSTS preloaded).
  • AES-256 encryption at rest for all customer data.
  • Per-tenant encryption keys for Enterprise customers.

Access control

Least-privilege IAM, MFA required for all employees, production access gated by on-call rotation with full audit logging.

Infrastructure

Primary region in London (eu-west-2) with read replicas in Virginia and Frankfurt. Automated backups every 15 minutes with 30-day retention.

Responsible disclosure

If you believe you have found a security vulnerability, please email security@freshgeo.com. Include reproduction steps, impact assessment, and your preferred credit line. We aim to acknowledge within 24 hours and patch critical issues within 72 hours. Do not publicly disclose before coordinating with us.

Bug bounty

Eligible researchers receive between £100 and £5,000 depending on severity. See the full policy on our security contact.