Enterprise Security

Bank-grade security for 1.33 crore customer records

Your customer data is your most valuable asset. Fundle's security architecture is designed for enterprises that can't afford breaches — with multi-layered encryption, strict access controls, and regulatory compliance built into every layer.

Defence-in-Depth Architecture

Six security layers protect your data from ingestion to insight. No single point of failure.

Layer 1: Network

  • WAF & DDoS protection
  • TLS 1.3 encryption
  • IP whitelisting

Layer 2: Authentication

  • SSO / SAML 2.0
  • MFA enforcement
  • Role-based access (RBAC)

Layer 3: Encryption

  • AES-256 at rest
  • TLS in transit
  • Field-level encryption

Layer 4: Data Isolation

  • Multi-tenant isolation
  • Dedicated DB per client
  • No cross-tenant access

Layer 5: Monitoring

  • 24/7 SOC monitoring
  • Anomaly detection
  • Real-time alerts

Layer 6: Compliance

  • SOC 2 Type II
  • DPDP Act
  • GDPR ready

Regulatory Compliance

SOC 2 Type II

Annual third-party audit of our security controls, availability, processing integrity, confidentiality, and privacy. Covers the entire Fundle platform — from data ingestion to analytics to campaign delivery.

  • Trust Service Criteria: Security, Availability, Confidentiality
  • Annual audit by independent CPA firm
  • Continuous control monitoring between audits
  • Report available under NDA for enterprise clients

DPDP Act (India)

Full compliance with India's Digital Personal Data Protection Act 2023. Consent management, data localisation, breach notification, and data principal rights built into the platform.

  • Explicit consent collection and management
  • Right to access, correction, and erasure
  • Data localisation — India-hosted infrastructure
  • Breach notification within 72 hours
  • Data Protection Officer appointed

GDPR Ready

For brands with international customers or operations. Data processing agreements, privacy-by-design, and data subject rights management compliant with EU GDPR requirements.

  • Privacy by Design and Default
  • Data Processing Agreements (DPA)
  • Right to portability and erasure
  • Cross-border data transfer safeguards
  • Cookie consent management

How we handle your data

Every byte of customer data flowing through Fundle is encrypted, isolated, and audited. Here's exactly what happens at each stage.

1. Data Ingestion

POS/CRM data enters via an encrypted API (TLS 1.3). API keys are hashed and rotated. Every request is authenticated, rate-limited, and logged.

2. Processing & Storage

Data is encrypted at rest (AES-256) in isolated tenant databases. PII fields have additional field-level encryption. No shared storage across clients.

3. Analytics & AI

ML models run in sandboxed environments. Training data is anonymised. No customer PII is used in model training without explicit consent.

4. Campaign Delivery

WhatsApp/SMS/Email delivery via encrypted channels. Consent verification before every send. Delivery logs retained per regulatory requirements.

5. Data Retention & Deletion

Configurable retention policies. Full data erasure on contract termination within 30 days. Certified deletion with audit trail.
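To make stages 1 and 2 concrete, here is an added Go example (not Fundle's code; the key identifier, tenant IDs and sample values are constructed). It shows the two controls those stages name: an API key that is stored only as a SHA-256 digest and verified in constant time, and field-level encryption of a single PII value with AES-256-GCM, with the tenant ID bound as authenticated data so a ciphertext copied from one tenant's database does not decrypt in another tenant's context.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// apiKeyRecord is what the server keeps after issuing a key: a public KeyID
// that selects the record, and the digest of the secret. The plaintext secret
// is shown to the client once and never stored.
type apiKeyRecord struct {
	KeyID  string
	Digest [32]byte
}

// hashAPIKey derives the stored digest from a plaintext key.
func hashAPIKey(key string) [32]byte {
	return sha256.Sum256([]byte(key))
}

// verifyAPIKey compares digests in constant time so response timing does not
// reveal how many leading bytes of a guessed key matched.
func verifyAPIKey(rec apiKeyRecord, presented string) bool {
	d := hashAPIKey(presented)
	return subtle.ConstantTimeCompare(d[:], rec.Digest[:]) == 1
}

// newGCM builds an AES-256-GCM AEAD and rejects any key that is not 256 bits,
// so a misconfigured shorter key cannot silently downgrade to AES-128.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("field key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptField seals one PII value. The tenant ID is additional authenticated
// data: it is not encrypted, but decryption fails if it does not match.
// Output layout is nonce || ciphertext || tag.
func encryptField(key []byte, tenantID string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(tenantID)), nil
}

// decryptField reverses encryptField and returns an error on any tampering,
// wrong key, or mismatched tenant ID.
func decryptField(key []byte, tenantID string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(tenantID))
}

func main() {
	// Constructed sample values; a real deployment draws the field key from a KMS.
	rec := apiKeyRecord{KeyID: "key_demo_01", Digest: hashAPIKey("constructed-secret")}
	fmt.Println("valid key accepted:", verifyAPIKey(rec, "constructed-secret"))
	fmt.Println("wrong key accepted:", verifyAPIKey(rec, "constructed-secreT"))

	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, err := encryptField(key, "tenant-a", []byte("+91 98765 43210"))
	if err != nil {
		panic(err)
	}
	pt, _ := decryptField(key, "tenant-a", sealed)
	fmt.Printf("tenant-a decrypts: %q\n", pt)
	_, err = decryptField(key, "tenant-b", sealed)
	fmt.Println("tenant-b decrypt error:", err)
}
```

The design point is that the plaintext API secret never touches storage, so a leaked database yields only digests, and that binding the tenant ID into the AEAD makes the "no cross-tenant access" claim enforceable at the ciphertext level rather than only at the query layer.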

Infrastructure

Hosting: AWS Mumbai (ap-south-1) — data never leaves India
Uptime SLA: 99.9% with auto-scaling and failover
Backups: Automated daily backups, 30-day retention, cross-region replication
Disaster Recovery: RPO < 1 hour, RTO < 4 hours
Penetration Testing: Annual third-party pen tests by CERT-IN empanelled auditors
Vulnerability Scanning: Weekly automated scans, critical patches within 24 hours
Access Logging: Every admin action logged with immutable audit trail
Employee Access: Principle of least privilege, background checks, NDA-bound

Need our security documentation?

We provide SOC 2 reports, DPA templates, and detailed security questionnaire responses under NDA.