Six controls that protect every account
These are the primary guardrails around Frienzy. They apply to every customer, every workspace, and every traveler record we store.
Encryption
All traffic is protected in transit with TLS 1.2+. Data at rest is encrypted with AES-256 using AWS-managed keys.
Infrastructure
Frienzy runs on AWS in US-based regions with automatic backups, multi-AZ redundancy, and isolated staging and production environments.
Access control
Role-based access control, Firebase Authentication, OAuth-backed SSO, and optional 2FA protect every account.
Data residency
Customer and traveler data is stored in the United States. Enterprise customers can request region-specific arrangements.
Compliance
Frienzy is GDPR- and CCPA-aligned. A Data Processing Agreement is available on request, and SOC 2 Type II is on our roadmap.
Incident response
Security events are continuously monitored. Customers are notified of any material incident affecting their data within 72 hours per GDPR.
Built on providers you already trust
We don't re-invent identity, payments, or infrastructure. Frienzy delegates sensitive surfaces to specialised providers with their own audited compliance programs.
US regions, multi-AZ, automated backups
PCI DSS Level 1 — we never store card data
Google-managed identity with 2FA support
GDPR / CCPA policies and cookie consent
What we commit to
- GDPR-aligned data handling with a Data Processing Agreement available on request
- CCPA-aligned disclosures and "do not sell" controls for California residents
- PCI DSS compliance delegated to Stripe — raw card numbers never touch Frienzy servers
- SOC 2 Type II controls implemented and audit readiness on our roadmap
Clear, minimal, and yours
We collect only what Frienzy needs to operate, store it only as long as we need it, and hand it back whenever you ask.
What we store
Account and workspace data you create inside Frienzy, brochure and trip content you publish, inquiries and messages you receive, and basic traveler details required to service a booking.
How long we keep it
Customer data is retained for as long as your workspace is active, plus a short grace period. Marketing and analytics logs are aggregated or purged within 24 months.
Deleting your data
You can request export or deletion of your workspace data at any time. We respond to verified GDPR and CCPA requests within the statutory window.
Questions buyers ask us most
If anything you need isn't covered here, our team is one message away.
Need security documentation?
Request our Data Processing Agreement, SOC 2 readiness summary, or a custom security questionnaire response. We reply within one business day.