Security & compliance

Built with trust at the foundation

Your logistics data is mission-critical. Here's how Fauward protects it — from infrastructure to compliance.

Security architecture

Multi-layered security across every part of the platform.

🔒

Data encryption

  • All data encrypted in transit via TLS 1.2+
  • Data at rest encrypted via AES-256
  • Database backups encrypted before offsite storage
  • Encryption keys managed per-tenant

🛡️

Authentication & access

  • Multi-factor authentication (MFA) enforced on all staff accounts
  • SAML/SSO available on Enterprise plans
  • Role-based access control (RBAC) across all platform modules
  • Principle of least privilege applied to all infrastructure access

🏗️

Infrastructure

  • Hosted on ISO 27001-certified cloud infrastructure (Railway / AWS)
  • Separate staging and production environments
  • Automated vulnerability scanning on every deploy
  • Dependency security updates applied within 72 hours of critical CVEs

🌍

Data residency

  • UK/EU tenants: data processed and stored within UK/EU data centres
  • Africa tenants: data processed within the region where available
  • No cross-region data transfer without explicit tenant configuration
  • Data residency region confirmed at signup

📋

Compliance

  • UK GDPR and Data Protection Act 2018 compliant
  • ICO-registered data controller
  • Sub-processor list maintained and disclosed in Privacy Policy
  • PECR-compliant cookie consent on all web properties

🔍

Operational security

  • Audit logs for all admin and data-access actions
  • Security incident response plan with defined RTO/RPO
  • Annual internal security reviews
  • Staff security training and background screening

Certifications & standards

UK GDPR

Compliant

Data processed lawfully under the Data Protection Act 2018 and UK GDPR.

ISO 27001

Infrastructure

Hosted on ISO 27001-certified cloud providers. Platform-level certification is on the roadmap.

SOC 2 Type II

In roadmap

Formal audit underway. Enterprise customers may request an interim security questionnaire.

PCI DSS

Delegated

Card data handled exclusively by PCI-compliant payment processors (Stripe, GoCardless, Paystack). Fauward stores no card data.

Responsible disclosure

We take security vulnerabilities seriously. If you believe you've found a security issue in the Fauward platform, please disclose it responsibly by emailing security@fauward.com.

We commit to acknowledging reports within 48 hours and providing a resolution timeline within 5 business days. We do not pursue legal action against researchers who disclose in good faith.

Security questions?

Enterprise customers can request our full security questionnaire, sub-processor list, and data processing agreement.