Security at Fragments
Encrypted at rest, encrypted in transit, stored in the EU. We built Fragments the way we'd want our own data handled.
Trust & Compliance
ISO 27001
Certified infrastructure
BSI C5 Type 2
German cloud security
SOC 2 Aligned
Security controls
GDPR
EU data protection
CCPA
California privacy
PCI-DSS Level 1
Payments via Stripe
Encryption
Everything is encrypted. Your data at rest uses AES-256 (the same standard banks use). Data in transit uses TLS 1.3. We can't read your competitive intelligence even if we wanted to.
- AES-256 encryption at rest
- TLS 1.3 for all connections
- Secure, HttpOnly cookies
- All inputs validated and sanitized
Authentication
No passwords to leak. Sign in with magic links sent to your email. Brute-force attempts hit rate limits fast.
- Passwordless magic links
- Rate limiting on all endpoints
- Role-based access control
Infrastructure
Your data is stored in Germany on ISO 27001 and BSI C5 Type 2 certified infrastructure. It never leaves the EU unless you're outside it.
- EU data centers (Germany)
- ISO 27001 & BSI C5 certified
- Separate dev/staging/prod environments
- Security headers on all responses
Privacy & Compliance
GDPR and CCPA compliant. You can export or delete your data anytime. If there's ever a breach (there hasn't been), we notify you and authorities within 72 hours.
- GDPR compliant
- CCPA compliant
- Export your data anytime
- 72-hour breach notification
Your competitive intelligence is sensitive
Battlecards, competitor strategies, pricing intelligence, win/loss analyses—this is data your competitors would love to see. We treat it accordingly. Your intelligence stays yours, accessible only to the team members you authorize.
Common Questions
Have security questions?
We're happy to discuss our security practices, answer compliance questionnaires, or walk you through our infrastructure.