Question 1

Is Fivo SOC 2 compliant?

Accepted Answer

Yes. Fivo is SOC 2 Type II compliant. Annual audits are conducted by independent third-party auditors. SOC 2 reports are available to Enterprise customers under NDA.

Question 2

Is Fivo HIPAA compliant?

Accepted Answer

Fivo is HIPAA compatible. Enterprise customers can deploy on-premise for complete data sovereignty. BAA (Business Associate Agreement) is available for healthcare customers. Zero data retention mode ensures PHI is never written to disk.

Question 3

Is Fivo GDPR compliant?

Accepted Answer

Yes. Fivo is fully GDPR compliant. Data processing agreements (DPA) are available. EU customers can request EU-only data processing. One-click data deletion is available at any time.

Question 4

Does Fivo store my API queries?

Accepted Answer

By default, Fivo stores query metadata (not content) for analytics and optimization. Zero data retention mode is available � no query content is ever written to disk. Enterprise customers can configure exactly what is stored and for how long.

Question 5

Is my data used for AI training?

Accepted Answer

Absolutely not. Your data is never used for training any AI models � not by Fivo, not by the AI providers. This is contractually guaranteed. Your data is your data.

Question 6

Can I deploy Fivo on-premise?

Accepted Answer

Yes. Enterprise plans include on-premise deployment option. Run Fivo in your own VPC, private cloud, or air-gapped environment. Complete data sovereignty � nothing leaves your infrastructure.

Question 7

How are API keys stored?

Accepted Answer

API keys are encrypted at rest using AES-256 and in transit using TLS 1.3. Keys are never logged, never displayed in full in the dashboard, and accessible only to the encryption service. Key rotation is supported.

Question 8

Does Fivo support SSO / SAML?

Accepted Answer

Yes. Pro and Enterprise plans support SSO via SAML 2.0 and OpenID Connect. Compatible with Okta, Azure AD, Google Workspace, OneLogin, and other identity providers.

Question 9

What encryption does Fivo use?

Accepted Answer

TLS 1.3 for all data in transit. AES-256 for all data at rest. API keys use additional envelope encryption with customer-specific keys. Enterprise customers can bring their own encryption keys (BYOK).

Question 10

Does Fivo have audit logs?

Accepted Answer

Yes. Enterprise plans include detailed audit logs for all administrative actions, API key changes, team member changes, and configuration updates. Logs can be exported to your SIEM system.

Question 11

What happens to my data if I cancel?

Accepted Answer

All your data is deleted within 30 days of cancellation. You can request immediate deletion at any time. A data export is available before cancellation if needed.

Question 12

Does Fivo have a bug bounty program?

Accepted Answer

Yes. Fivo runs a responsible disclosure program. Security researchers can report vulnerabilities to security@fivo.live. Valid reports are rewarded based on severity.

Question 13

Where is Fivo data hosted?

Accepted Answer

Fivo cloud is hosted on AWS in US-East-1 (Virginia) and EU-West-1 (Ireland). Enterprise customers can choose their region or deploy on-premise. All data centers are SOC 2 certified.

Question 14

Does Fivo support IP allowlisting?

Accepted Answer

Yes. Enterprise plans support IP allowlisting to restrict API access to specific IP ranges. Combined with VPN access, this provides additional network-level security.

Question 15

How does Fivo handle data breaches?

Accepted Answer

Fivo has an incident response plan with 24-hour notification to affected customers. As SOC 2 Type II compliant, breach procedures are audited annually. In practice, zero data retention mode means there is nothing to breach for most use cases.

Question 16

Can I restrict team member permissions?

Accepted Answer

Yes. Role-based access control (RBAC) is available on Pro and Enterprise plans. Roles include Admin, Developer, Viewer, and Billing. Enterprise customers can create custom roles.

Question 17

Does Fivo pass security reviews?

Accepted Answer

Yes. Fivo regularly passes security reviews from enterprise customers including Fortune 500 companies. Questionnaire responses, penetration test reports, and compliance documentation are available under NDA.

Question 18

Is Fivo FedRAMP authorized?

Accepted Answer

Fivo is not yet FedRAMP authorized. Government customers can use the on-premise deployment option for compliance. FedRAMP authorization is on the roadmap for 2027.

Question 19

What third-party security tools does Fivo use?

Accepted Answer

Fivo uses Cloudflare for DDoS protection and WAF, Datadog for monitoring, Snyk for dependency scanning, and annual penetration testing by independent firms. All infrastructure is hardened per CIS benchmarks.

Question 20

How do I report a security concern?

Accepted Answer

Email security@fivo.live. All reports are acknowledged within 24 hours and triaged immediately. For Enterprise customers, your dedicated account manager can also escalate security concerns.

Standard	Status	Details
SOC 2 Type II	Compliant	Annual third-party audit
GDPR	Compliant	DPA available, EU processing option
HIPAA	Compatible	BAA available, on-premise option
Encryption (transit)	TLS 1.3	All connections
Encryption (rest)	AES-256	BYOK for Enterprise
On-Premise	Available	Enterprise plan, air-gapped
Zero Data Retention	Available	Nothing written to disk
FedRAMP	Roadmap 2027	On-premise alternative

Fivo Security & Privacy FAQ

Compliance & Certifications

All 20 Security Questions