Security
Last Updated: March 27, 2026
At FrontDesk, protecting your business data is our top priority. We understand that you're trusting us with sensitive customer communications, and we take that responsibility seriously.
Encrypted Everywhere
TLS/SSL in transit, AES-256 at rest
Access Controls
Role-based, least-privilege access
Regular Audits
Ongoing security reviews
No Data Selling
Your data is never sold or shared
Data Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored on our servers is encrypted at rest with AES-256. This includes your business information, email content, call recordings, and chat messages.
Infrastructure Security
Our platform is hosted on industry-leading cloud infrastructure with enterprise-grade security features:
- Isolated network environments with strict firewall rules.
- Automated security patching and vulnerability scanning.
- DDoS protection and rate limiting.
- Redundant backups with encrypted storage.
- 99.9% uptime SLA for our infrastructure.
Authentication and Access
We implement strong authentication and access controls:
- Secure password hashing using industry-standard algorithms.
- Support for two-factor authentication (2FA) on all accounts.
- OAuth 2.0 for third-party integrations (Gmail, Outlook) with minimal required scopes.
- Session management with automatic timeouts and secure token handling.
- Internal employee access is role-based and logged.
Data Privacy
Your business data belongs to you. Our commitments:
- We never sell or share your data with third parties for marketing purposes.
- We never use your business data to train AI models for other customers.
- Third-party services only receive the minimum data needed to perform their function.
- You can request a full export or deletion of your data at any time.
For full details, see our Privacy Policy.
Third-Party Security
We carefully vet all third-party services we integrate with:
- Stripe — PCI DSS Level 1 certified for payment processing. We never store credit card numbers on our servers.
- Anthropic (Claude AI) — our AI provider processes data under strict data handling agreements. Your data is not used to train their models.
- Google APIs — we comply with Google's Limited Use requirements and only request the minimum permissions needed.
Incident Response
In the unlikely event of a security incident:
- We will investigate and contain the issue immediately.
- Affected users will be notified within 72 hours of a confirmed incident.
- We will provide clear information about what happened, what data was affected, and what steps we're taking.
- We conduct post-incident reviews to prevent recurrence.
Responsible Disclosure
If you discover a security vulnerability in our platform, we encourage responsible disclosure. Please contact us at nicholasdemchuk@gmail.com with details. We ask that you:
- Give us reasonable time to investigate and address the issue before public disclosure.
- Avoid accessing or modifying other users' data.
- Act in good faith to avoid disruption to our services.
Questions?
If you have any questions about our security practices, please contact us at: