Security
Enterprise security. No enterprise price tag.
Your proposals contain sensitive pricing and client data. We treat that seriously. Here is how we protect it.
TLS encryption in transit
All data encrypted with TLS 1.3 between your browser and our servers. No exceptions.
Encryption at rest
All stored data encrypted using AES-256. Database backups encrypted and stored in geographically separate locations.
SSO (SAML and OIDC)
Enterprise single sign-on via SAML 2.0 or OpenID Connect. Enforce your identity provider across every seat.
MFA / 2FA
TOTP-based two-factor authentication with recovery codes. Available on all paid plans.
Audit log
Chain-hashed, tamper-evident audit trail. CSV export. Enterprise plans get full retention.
IP allowlisting
Restrict access to your Frameboard account from approved IP ranges only. Enterprise plan.
SCIM provisioning
Automated user provisioning and deprovisioning from your identity provider. Enterprise plan.
GDPR compliant
Data Processing Agreement available. Cookie consent. Right to erasure. Data portability via CSV export.
Content Security Policy
Strict CSP headers with nonce-based script execution. No inline event handlers. XSS protection at the edge.
Rate limiting
Adaptive rate limiting on all API endpoints. Brute-force protection on authentication.
Questions about security?
We are happy to discuss our security posture, provide our DPA, or answer questions from your InfoSec team.