Enterprise Security

Your security is our priority

Fenicia implements enterprise-level security controls aligned with SOC 2, ISO 27001, and OWASP to protect your business and customer data.

  • SOC 2 Type II: Aligned
  • ISO 27001: Aligned
  • GDPR: Compliant
  • PCI DSS SAQ-A: Compliant

Data Encryption

AES-256-GCM for data at rest and TLS 1.2+ for data in transit. Keys managed by AWS KMS.

  • End-to-end encryption
  • Automatically rotated keys
  • Envelope encryption pattern

Access Management

Role-based access control (RBAC) with 28+ resources and granular permissions.

  • Multi-factor authentication (MFA)
  • Signed JWT tokens (RS256)
  • Principle of least privilege

Secure Infrastructure

Serverless architecture on AWS with multiple layers of protection.

  • AWS WAF against OWASP Top 10
  • Rate limiting and throttling
  • Network isolation (VPC)

24/7 Monitoring

Continuous threat and anomaly surveillance in real time.

  • Event correlation
  • Automatic alerts
  • On-call response team

Multi-Tenant Isolation

Each customer's data is completely isolated at the application and database level.

  • Required TenantId in queries
  • No cross-access possible
  • Access auditing

Complete Audit

Immutable logging of all sensitive actions for compliance and forensics.

  • Structured JSON logs
  • 2-year retention
  • End-to-end traceability

Data Protection

We implement industry best practices to protect sensitive information.

Encryption

Data at Rest: AES-256-GCM with AWS KMS managed keys. Envelope encryption with unique DEKs per operation.

Data in Transit: TLS 1.2+ required on all connections. ECDHE-RSA-AES256-GCM-SHA384 cipher suites.

Secrets and Credentials: AWS Secrets Manager for tokens, API keys and credentials. No secrets in source code.

Data Retention

Data Type           Retention
Order data          7 years
Customer records    Account life + 2 years
Security logs       1 year
Audit logs          2 years
Backups             30 days rolling

Incident Response

We have established procedures to detect, contain, and respond to security incidents.

  • Internal escalation: 1 hour
  • Customer notification: 72 hours
  • Response team: 24/7
  • Full report: 7 days

Trusted Providers

We only work with providers that meet the highest security standards.

Provider         Purpose                 Certifications
AWS              Cloud infrastructure    SOC 2, ISO 27001, PCI DSS
MongoDB Atlas    Database                SOC 2, ISO 27001, HIPAA
Firebase         Authentication          SOC 2, ISO 27001
Stripe           Payment processing      PCI DSS Level 1
Mercado Pago     LATAM Payments          PCI DSS

Security Contact

If you have questions about our security policy or want to report a vulnerability, contact us.

Last updated: March 11, 2026