Stays on your device
Project data is stored locally by default. Cloud sync is optional — never required to use FNR AI.
Built for teams that take project data seriously.
Local-first by default. Approval-gated AI. GDPR and KVKK aligned. Your content is never used to train foundation models.
- Data on your device unless you enable cloud
- Every AI write waits for your approval
- SOC 2 Type II audit — target Q3 2026
- Self-host the full product on Team
SOC 2 Type II
In progress · Q3 2026
GDPR
Aligned · DPA available
KVKK
Processor-ready
Uptime
99.5% monthly SLA
CONTROLS
How we protect your work
Eight design choices that shape every plan — from solo download to enterprise rollout.
You approve every AI action
The assistant proposes changes; nothing is written to tasks, plans, or integrations until you confirm.
Projects stay separate
Context, memory, and agent scope are bounded per project so sensitive work does not bleed across teams.
No training on your data
Agreements with model providers prohibit using your content to train foundation models. Period.
Role-based access
Admin, Editor, and Viewer roles. SSO via Google or Microsoft Entra on Business and Enterprise.
TLS 1.3 and AES-256
Traffic is encrypted in transit. Cloud components use AES-256 at rest. macOS Keychain for local secrets.
Known cloud regions
When cloud is enabled, workloads run on AWS in Frankfurt and Virginia with isolated VPCs and daily backups.
Run on your hardware
Team plan deploys the full product on your infrastructure — ideal when compliance means your cluster.
AI GOVERNANCE
Agents inherit your scope — and wait for approval
Security Audit, code review, and planning agents only see the project you assign. Every outbound action — updating a task, posting to Slack, or calling an integration — runs through the same approval flow you use for manual AI suggestions.
- No background writes or silent automation
- CogniMemo organizational memory respects project boundaries
- Provider choice stays yours (OpenAI, Anthropic, and more)
POSTURE
What we're explicit about
Affirmative guarantees only — no vague vendor language. Full detail lives in the Trust Center.
TLS-only in transit
All traffic between the app, cloud APIs, and integrations uses TLS 1.3.
Encryption at rest
Cloud blobs and backups encrypted with AES-256. Local data protected by OS disk encryption.
Approval before writes
AI cannot modify tasks, plans, or connected tools without an explicit human approve step.
No training on your data
Customer content is excluded from model training under our provider agreements.
SOC 2 Type II
Gap analysis complete; controls in implementation. External audit targeted Q3 2026.
KVKK alignment
Enortic acts as data processor; DPA and sub-processor list available for enterprise buyers.
COMPLIANCE
SOC 2 Type II journey
We publish progress openly. Enterprise customers can request the audit report under NDA once available.
Gap analysis
Controls in implementation
Audit — Q3 2026
Certification
ENTERPRISE SLA
Response commitments when it matters
Written targets for Enterprise. All plans: live status at status.usefnr.com.
| Incident type | Enterprise response | Resolution target |
|---|---|---|
| Critical (system down) | 4 hours | 24 hours |
| High (key feature impacted) | 12 hours | 48 hours |
| Normal (general questions) | 1 business day | 5 business days |
Need the full product on your infrastructure?
Team plan is self-hosted end-to-end. Business and Enterprise add SSO, shared workspace governance, and priority support.
CONTACT
Security and legal channels
| Topic | Channel | Expected response |
|---|---|---|
| Vulnerability disclosure | security@enortic.com | 5 business days |
| DPA & KVKK package | legal@enortic.com | 3 business days |
| Enterprise security review | hi@enortic.com | 1 business day |
| Full control documentation | Trust Center | Self-serve |
Data incidents: notification within 72 hours to affected customers. Responsible disclosure program includes bug bounty consideration for valid reports.