Security at FRRE.AI

Attorney-client privilege is not a feature we built. It's the architecture we started from. Everything else follows.

SOC 2 Type II: Annual audit
ISO 27001: Information security
GDPR: EU compliant
eIDAS: Electronic signatures
Blockchain: Immutable audit trail
Zero Training: Your data is yours

The Foundational Promise

Your data never trains our models. This is not a toggle. It's not a setting. It's a contractual guarantee backed by our architecture. Client data is processed for service delivery only and is never used to improve, train, or fine-tune any AI model — ours or any third party's.

Every LLM provider we work with (OpenAI, Anthropic, Google) operates under Zero Data Retention (ZDR) agreements. Your prompts and documents are processed in memory and discarded. Nothing persists on their side.

Encryption

At Rest

AES-256 encryption for all stored data, including documents, case materials, and database records.

In Transit

TLS 1.3 for all data transmission. HSTS enforced. Certificate pinning for API connections.

Backups

Encrypted backups with separate key management. Geographically distributed. Tested recovery procedures.

Key Management

Hardware security modules (HSM) for cryptographic key storage. Automatic key rotation.

Access Control

Role-Based Access Control (RBAC) with the principle of least privilege. Every action is authenticated and authorized. Multi-factor authentication (MFA) available for all accounts. SAML/OIDC SSO integration for enterprise clients.

Logical data isolation between organizations. Multi-tenant architecture ensures no organization can access another's data, even at the infrastructure level.

Audit Trail

Every AI decision in FRRE.AI is recorded on an immutable blockchain-based audit trail. This means:

This is not just logging. This is decision reproducibility — the ability to explain exactly why the AI gave a specific answer, with full evidence trail, at any point in the future.

Electronic Signatures (FRRE Sign)

FRRE Sign implements PAdES (PDF Advanced Electronic Signatures) compliant with eIDAS regulation. Signatures include:

Infrastructure

Incident Response

We maintain a documented incident response plan with defined escalation procedures. In the event of a security incident:

Compliance

GDPR

Full compliance with the General Data Protection Regulation. Data Processing Agreements available for all customers.

CCPA

California Consumer Privacy Act compliance for US-based users. Right to know, delete, and opt-out.

eIDAS

Electronic signature compliance under the EU Electronic Identification and Trust Services regulation.

AML / KYC

Anti-money laundering awareness integrated into client management workflows.

Security Contact

To report a vulnerability or security concern:

Email: security@frre.ai

We follow responsible disclosure practices and appreciate reports from the security community.