FNR AI handles the most critical content of your team — that's why security, privacy and resilience are designed in from day one. This page is the full control documentation; for a product-focused summary see the Security page.
Contents
1. Data ownership & local storage
Your project data is stored locally on your device by default. Unless you explicitly enable cloud sync, your content is not sent to Enortic's servers. The data is always yours; when you close your account, all metadata is deleted within 30 days.
2. Encryption
- In transit: end-to-end TLS 1.3.
- At rest: server-side AES-256 encryption.
- On device: OS-level disk encryption (FileVault, BitLocker) is recommended; in-app key management integrates with macOS Keychain.
3. Access control
- SSO support (Google, Microsoft Entra) — Team plan.
- Two-factor authentication (2FA) — all plans.
- Role-based permissions: Admin, Editor, Viewer.
- Enortic staff access customer content only via explicit support requests with audit logs.
4. Infrastructure
Our cloud components run on AWS (Frankfurt, Virginia) and Cloudflare. Environments are isolated in dedicated VPCs, secured by least-privilege access and continuous penetration testing. Backups are taken daily and retained for 30 days in a different region.
5. AI & model security
FNR AI's AI features run on the model providers you select, such as OpenAI and Anthropic. Our agreements with these providers require that your content not be used for model training. AI actions always wait for your approval; nothing autonomous runs in the background.
6. Service level commitments (SLA)
For Enterprise customers, we commit to the response times below. For other plans, see the SLA table on the /support page.
| Incident type | Enterprise response | Resolution target |
|---|---|---|
| Critical (system down) | 4 hours | 24 hours |
| High (key feature impacted) | 12 hours | 48 hours |
| Normal (general questions) | 1 business day | 5 business days |
Uptime commitment: 99.5% monthly (excluding scheduled maintenance). Live status: status.usefnr.com.
7. KVKK compliance (Türkiye)
- Enortic, Inc. acts as a data processor under Türkiye's Law No. 6698 on the Protection of Personal Data (KVKK).
- The customer is the data controller; FNR AI processes personal data only on the customer's documented instructions.
- VERBİS registration: Enortic, Inc. is US-headquartered and is assessed under the cross-border transfer provisions.
- The notice obligation under KVKK Article 10 belongs to the customer; required documents are provided on request.
- For the KVKK compliance package and DPA: legal@enortic.com.
8. Compliance & DPA
Current state of our SOC 2 Type II audit journey:
- Data processing aligned with GDPR and KVKK.
- A signature-ready Data Processing Agreement (DPA) is available for enterprise customers.
9. Incident management
If a data incident is detected, we notify affected customers within 72 hours and meet regulatory obligations. Our 24/7-monitored security operations center uses behavioral analytics for anomaly detection.
10. Third-party providers
The sub-processors we use to run the Service are listed below. The list is subject to contractual security standards.
| Provider | Service | Data center | Purpose |
|---|---|---|---|
| AWS | Cloud infrastructure | Frankfurt, Virginia | Cloud components, backups |
| Cloudflare | CDN, DDoS protection | Global | Network security |
| Stripe | Payment processing | US, EU | Billing |
| OpenAI | AI model | US | User-selected AI features |
| Anthropic | AI model | US | User-selected AI features |
11. Responsible disclosure
If you discover a security vulnerability, please report it to security@enortic.com. We assess findings within 5 business days and apply appropriate fixes. A bug bounty program is in place for valid disclosures.
12. Contact
| Topic | Expected response | |
|---|---|---|
| Security vulnerability report | security@enortic.com | 5 business days |
| DPA & legal requests | legal@enortic.com | 3 business days |
| Enterprise inquiry | hi@enortic.com | 1 business day |
| General support | /support or hi@enortic.com | SLA per plan |
Enortic, Inc. — enortic.com