Our Guiding Principles
The safety and security of our customer’s data is fundamental to the DNA of FrankieOne. We believe and operate under the framework that your data is yours, and yours alone. We make sure:
- Our service is designed to ensure that you control access to your data.
- All data is securely stored using AES 256 encryption. This encryption is one of the strongest and most robust encryption standards that is commercially available today and trusted by banks and other financial institutions globally.
How we keep your data secure
When storing sensitive data on your behalf, we need to ensure that it is safe, and retrievable when you need it. To do this, we store your data in two separate but equally secure ways.
Storage
Every customer has a set of keys that we use to encrypt your data. Every record gets its own unique key so as to ensure that even if one record is cracked, the others remain safe. We use bank-grade AES256-GCM encryption to secure your data before it goes into our document vault.
The document vault is also encrypted at the storage layer (encryption at rest), again using AES256-GCM with a different set of keys, making doubly sure your data is safe and only visible to you.
Retrieval
To find your data again, we need to create a secure, yet searchable index that does not expose your data. To do that we take a hash of your data (we use a salted SHA512 hash, generally considered beyond bank-grade). This hash is a one-way scrambling process that cannot be reversed. The hash is then saved with an encrypted mapping to your stored data - again using your unique keys to secure this map.
When you wish to search your data, we take your search criteria, recreate your secure hashes, and look those up in the index database. From there we can retrieve your data, returning the decrypted information you entrusted us with.
Safety in transmission too
We obviously need to transfer your data to and from your own service, as well as within our own network in order to both store and verify it. Even when data is in transit, it is securely encrypted using TLS v1.2 (or greater). At no time does your data end up in the clear.
Don’t just take our word for it
FrankieOne has been ISO27001 certified since November 2019, soon after we first went live. This means our process, people and practices have all been reviewed, tested and independently audited by GCC (Global Compliance Certification), a global and accredited certification organisation.
In September this year, FrankieOne also received a clean SOC 2 Type I attestation report, as audited by SSF (Sensiba San Filippo), a certified public accountants and business advisors, with our Type II report expected in January 2023. The report provides proof (in addition to our ISO27001 certification) of our commitment to implement, audit and measure our security and privacy framework to ensure we operate to the highest standards for security, confidentiality and availability.
On top of our own internal continuous monitoring and testing, we also undergo regular independent pen-tests by CREST certified independent testers from Cyber-Risk. Their job is to try and break in and/or exploit our service before the bad actors do. If they ever find an issue, we ensure that addressing it becomes our number one priority, with a fix being put in place ASAP.
It’s your data
Because your data is encrypted using keys unique to you, it means that we:
- Cannot see or modify your data
- Cannot mix up your data with any other customer’s data
- Cannot sell your data to third parties
Your data is yours, and yours alone. This is our promise to you.
Our security framework is the backbone of FrankieOne. Want to know more, email us at security@frankieone.com.
