A tasty overview of our security action plan.

We get it – your customers’ info is sacred, and we’ll never spill the beans to outsiders. Our GDPR-friendly toolkit, complete with customizable cookie requests and storage permission asks, has your back while you dazzle your users with top-notch experiences.

We take data protection seriously. That’s why we’re proud to say that we’re fully compliant with the General Data Protection Regulation (GDPR). We handle personal data with care, ensuring that every step of the process is lawful and transparent.

Our servers are located right here in the European Union (Frankfurt), so your data stays right where it should be, under the watchful eye of the GDPR. And we’re constantly updating and enhancing our security protocols to stay one step ahead of any potential risks.

You can easily manage cookie consent settings right from the Widget. Want to enable or disable cookie requests? It’s as easy as a click. And if you choose to send a request, you can customize the message to match your brand and ensure GDPR compliance.

Yes, we give you the power to request storage permission effortlessly when a new user kicks off a chat for the first time. It’s your chance to align with the GDPR’s guidelines and get crystal-clear consent for storing your customer data.

If you’re jazzing up your cookie request with a custom message, make sure to tap into our SDK JavaScript. It ensures your contact’s cookie preferences are spot-on. And don’t sweat it – if they don’t shout out a preference, cookies are a go by default, keeping things GDPR-friendly.

Fully ISO covered

The international standard for information security that defines the specifications for an effective ISMS (Information Security Management System).

The information security best practice framework for cloud service providers and their customers.

Provides a best practice basis for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information: it is linked to ISO 27001.

About our Infrastructure

The front-end applications (web app and widget), based on Angular, as static code, are deployed on Firebase hosting and communication between users and applications is encrypted. All our backend services are hosted on Amazon cloud servers in Europe, specifically, in Frankfurt.

Access to the backend services is through secure SSL encrypted requests. These requests reach the load balancers, which distribute the requests between different servers hosted on AWS EC2. It is important to note that only the load balancers are accessible from the Internet, the rest of the services and databases are not accessible from the Internet, but only from within the AWS VPC itself. This ensures a high level of security of data and connections between different backend services.

Data Hosting and Storage

FROGED services and data are hosted in Amazon Web Services (AWS) in Europe (Fráncfort) and protected by AWS security, as described at: https://aws.amazon.com/compliance/shared-responsibility-model/

We use a backup solution for datastores that contain customer data.

Failover

All of our infrastructure and data is distributed across 3 AWS Availability Zones. This means that if one of these data centers goes down, it will still be up and running.

We use a backup solution for datastores that contain customer data.

Encryption

All data sent to or from FROGED is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm

Access Control and Confidentiality

All access rights (both for access to IT systems and data and for access to buildings and rooms) are assigned according to the principle that employees and third-party users are only granted the level of access they need to perform their activities (need-to-know principle).

Access rights are granted according to defined (role-based) permission profiles. The access rights granted are reviewed regularly. Rights that are no longer required are withdrawn immediately.

All employee contracts include a confidentiality agreement.

We're here for you

If you’re struggling to reach your target audience and want to improve customer engagement or you’re finding it difficult to manage multiple channels, or you simply want to improve you brand consistency and take advantage of cross-platform publishing. We’re here for you.