Freyr Trust Center

At Freyr, trust is more than a promise - it is the foundation of everything we do. Our customers, employees, and partners rely on us to protect what matters most - their data. The Freyr Trust Portal is your gateway to understanding how we safeguard sensitive information and uphold the highest standards of security, privacy, and compliance.

  • Security

    Our Commitment to Security

    We recognize that the confidentiality, integrity, and availability of this data are critical to your success - and ours. That’s why we’ve built a comprehensive security program designed to meet and exceed industry standards.

    To Support This Commitment, Our Security Program Includes:

    • ISO 9001:2015 - Quality Management Systems
    • ISO/IEC 27001:2022 - Information Security Management, Cybersecurity and Privacy Protection
    • GDPR 2016/679
    • SOC2 Type II - System and Organization Controls

  • Integrity

    Always Improving, Always Accountable

    Security is not a one-time effort - it’s a continuous journey. We regularly assess our systems, update our protocols, and train our teams to stay ahead of emerging threats. Your trust drives our commitment to excellence.

  • Support

    Need More Information?

    If you’re a customer, partner, or auditor seeking specific documentation or have questions about our security practices, please contact our Trust & Security team.

Technology and Security Whitepaper


From the CPO’s Desk: Built for Trust

At Freyr, every product choice we make is grounded in purpose and trust. As the Chief Product Officer, my focus is on building solutions that are intuitive, reliable, and deeply aligned with the needs of regulatory teams.

Every feature, every module, and every update is a step forward in our shared journey towards smarter, safer, and more compliant operations.

Kranthi R, CPO

From the CTO's Desk: Secure by Design

At Freyr, trust isn't just a promise, it's the foundation of everything we build. As the Chief Technology Officer, I ensure that every line of code and product decision reflects our commitment to security, reliability, and transparency.

We've built freya fusion to be powerful yet resilient, knowing our customers rely on us for sensitive, business-critical work. Security and privacy are not checkboxes for us; they guide how we build, innovate, and evolve.

Thank you for placing your trust in us. We're here to protect it, every step of the way.

Praveen Bezawada, CTO

From the CISO’s Desk: Protecting What Matters

At Freyr, protecting your data is at the core of what we do. As the Chief Information Security Officer, I see security not just as a system, but as a culture that runs through our entire organization.

Our mission is simple: keep your information safe, your privacy intact, and our practices transparent. We continuously assess risks, strengthen safeguards, and align with the highest standards to stay ahead of evolving threats.

Trust isn't given once - it's earned every day. And that's exactly what we strive for.

Venkat Luckyreddy, CISO

Mechanisms

Access Control Procedures Established

Our access control policy defines requirements for three functions: adding new users (identity verification and access assignment), modifying users (updating information and access rights), and removing users (revoking access and deactivating credentials).

Access Revoked Upon Termination/Employee Exits

We complete termination checklists to ensure that access is revoked for departing employees within defined SLAs.

Production System Access Restricted

We ensure system access is restricted to authorized users only.

Production Application Access Restricted

We restrict privileged access to databases and other production workloads to authorized users with a legitimate business need.

Intrusion Detection System & Monitoring

We use cloud-native intrusion detection and endpoint detection and response (EDR) solutions to provide continuous monitoring of our network and early detection of potential security breaches, including protection for end-user devices.

Infrastructure Performance Monitored

We use infrastructure monitoring tools to track systems and performance and generate alerts when predefined thresholds are met.

Network and System Hardening Standards Maintained

Our network and system hardening standards are based on industry best practices and are reviewed at least annually.

Unique Account Authentication Enforced

We require users to authenticate to systems and applications using unique usernames and passwords; access to secret keys is strictly limited to authorized personnel.

Unique Network System Authentication Enforced

We segregate Production and lower environments (Dev, QA, SQA, Pre-Prod) and enforce unique authentication via role-based access control.

Application Security Configured

We use a web application firewall (WAF) to protect internet-facing applications and mitigate industry-recognized attacks and downtime.

Network Firewalls Reviewed

We review firewall rule sets at least annually.

Network Firewalls Utilized

We use firewalls configured to prevent unauthorized access.

Encryption Key Access Restricted

We restrict privileged access to encryption keys to authorized users with a business need.

Production Network Access Restricted

We restrict privileged access to the production network to authorized users with a business need.

Service Infrastructure Maintained

We ensure that infrastructure supporting the service is regularly patched as part of routine maintenance and in response to identified vulnerabilities, helping to harden servers against security threats.

Production OS Access Restricted

We restrict privileged access to the operating system to authorized users with a business need.

Firewall Access Restricted

We restrict privileged access to the firewall to authorized users with a business need.

User Access MFA Enforced

We enforce multi-factor authentication (MFA) on all user accounts.

Asset Disposal Procedures Utilized

We ensure that electronic media containing confidential information is purged or destroyed in accordance with industry best practices, with certificates of destruction maintained as evidence.

Production Inventory Maintained

At Freyr, we maintain a formal inventory of production system assets.

Portable Media Encrypted

We encrypt portable and removable media devices when used.

Anti-Malware Technology Utilized

We deploy anti-malware and EDR solutions on all relevant systems commonly susceptible to malicious attacks, and we configure them to update routinely and log activity.

Employee Background Checks Performed

We perform background checks on new employees.

Code of Conduct Acknowledged by Contractors

We require contractor agreements to include a code of conduct or a reference to the company code of conduct.

Code of Conduct Acknowledged by Employees and Enforced

We require employees to acknowledge a code of conduct at the time of hire. Employees who violate the code of conduct are subject to disciplinary action in accordance with our disciplinary policy.

Confidentiality Agreement Acknowledged by Contractors

We require contractors to sign a confidentiality agreement at the time of engagement.

Confidentiality Agreement Acknowledged by Employees

We require employees to sign a confidentiality agreement during onboarding.

Password Policy Enforced

We require passwords for in-scope system components to be configured according to company policy.

MDM System Utilized

At Freyr, we have a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.

Visitor Procedures Enforced

We require visitors to sign in, wear a visitor badge, and be escorted by an authorized employee when accessing the office or secure areas.

Security Awareness Training Implemented

We require employees to complete security awareness training as part of onboarding and at least annually thereafter.

Data Encryption Utilized

We safeguard both customer and internal data by adhering to industry best practices.

Control Self-Assessments Conducted

We conduct control self-assessments at least annually to ensure that controls are in place and functioning effectively. Corrective actions are implemented based on assessment findings and, where SLAs apply, completed within the agreed timeframe.

Penetration Testing Performed

Our penetration testing is performed at least annually. A remediation plan is developed, and changes are implemented to address vulnerabilities in accordance with SLAs.

MFA Support

We ensure the application supports multi-factor authentication (MFA), requiring additional factors beyond usernames and passwords.

SSO Integration Support

The application supports Single Sign-On (SSO) integration using Security Assertion Markup Language (SAML).

Data Encryption

We use secure data transmission protocols, such as TLS 1.2 or higher, to encrypt data transmitted over public networks. We also ensure encryption at rest is enabled to protect stored information.

Vulnerability and System Monitoring Procedures Established

Our formal policies define requirements for key IT and Engineering functions, including Vulnerability Management, System Monitoring, and a robust Software Development Life Cycle (SDLC) process.

Continuity and Disaster Recovery Plans Established

We ensure Business Continuity and Disaster Recovery Plans are in place, including defined communication strategies to maintain information security continuity in the event of key personnel unavailability.

Continuity and Disaster Recovery Plans Tested

At Freyr, we have an established and documented Business Continuity and Disaster Recovery (BC/DR) plan, which is tested at least annually to ensure its effectiveness.

Configuration Management System Established

At Freyr, we have a configuration management procedure in place to ensure that system configurations are deployed consistently throughout the environment.

Change Management Procedures Enforced

We ensure that all changes to software and infrastructure components are authorized, formally documented, tested, reviewed, and approved prior to deployment in the production environment.

Production Deployment Access Restricted

We restrict the ability to migrate changes to the production environment to authorized personnel only.

Development Lifecycle Established

We follow a formal Systems Development Life Cycle (SDLC) methodology that governs the development, acquisition, implementation, maintenance, and management of changes—including emergency changes—to information systems and related technology requirements.

SOC 2 – System Description

SOC 2 reports are maintained and reviewed for cloud vendors that provide infrastructure hosting, ensuring compliance with security, availability, and confidentiality requirements.

Whistleblower Policy Established

At Freyr, we have established a formal whistleblower policy, and an anonymous communication channel is in place for users to report potential issues or fraud concerns.

Board Meetings Conducted

Our Board of Directors meets at least annually, with formal meeting minutes maintained to document discussions and decisions.

Backup Processes Established

Our data backup policy outlines the requirements for the backup and recovery of customer data to ensure data integrity and availability.

System Changes Externally Communicated

We notify customers of critical system changes that may impact their processing, ensuring transparency and allowing for necessary adjustments.

Organization Structure Documented

At Freyr, we maintain an organizational chart that describes the organizational structure and reporting lines.

Roles and Responsibilities Specified

Roles and responsibilities for the design, development, implementation, operation, maintenance, and monitoring of information security controls are formally assigned through job descriptions and/or documented in the Roles and Responsibilities policy.

Security Policies Established and Reviewed

Our information security policies and procedures are documented and reviewed at least annually.

Support System Available

At Freyr, we maintain an external-facing support system that enables users to report system failures, incidents, concerns, and other complaints to the appropriate personnel or teams.

System Changes Communicated

We communicate system changes to authorized internal users.

Access Reviews Conducted

We conduct periodic access reviews for in-scope system components to ensure access is appropriately restricted, with required changes tracked through to completion.

Access Requests Required

We ensure that user access to in-scope system components is granted based on job role and function, or via a documented access request with manager approval prior to provisioning.

Incident Response Policies Established

At Freyr, we have security and privacy incident response policies and procedures that are documented and communicated to authorized users.

Incident Management Procedures Followed

Security and privacy incidents are logged, tracked, resolved, and communicated to affected or relevant parties by management according to the company’s security incident response policy and procedures.

Physical Access Processes Established

At Freyr, we have established processes for granting, modifying, and revoking physical access to company data centers, based on authorization from designated control owners.

Company Commitments Externally Communicated

Our security commitments are communicated to customers as needed, ensuring transparency and alignment with customer expectations.

External Support Resources Available

At Freyr, we provide customers with guidelines and technical support resources to assist with system operations.

Service Description Communicated

At Freyr, we provide clear and concise descriptions of our products and services to inform and engage both internal stakeholders and external audiences.

Risk Assessments Performed

We conduct annual risk assessments to identify and evaluate threats—including environmental, regulatory, technological, and fraud-related risks—that may impact our service commitments and objectives.

Risk Management Program Established

At Freyr, we maintain a documented risk management program that outlines the identification of potential threats, risk significance ratings, and corresponding mitigation strategies.

Third-Party Agreements Established

At Freyr, we maintain written agreements with vendors and third parties that include confidentiality and privacy commitments specific to each entity.

Vendor Management Program Established

At Freyr, we have a vendor management program that includes defined security and privacy requirements and mandates annual reviews of critical third-party vendors.

Vulnerabilities Scanned and Remediated

We perform host-based vulnerability scans in real time using cloud-native services, with critical and high-severity vulnerabilities tracked through to remediation.

Data Retention Procedures Established

At Freyr, we have formal procedures in place to ensure the secure retention and disposal of both company and customer data.

Customer Data Deleted Upon Leaving

We securely purge customer data containing confidential information from the application environment upon service termination, following defined processes and industry best practices.