Security

Last updated: 25 May 2026

Your data security matters. Here's what we do today to keep FRN Watch secure — and what we're honest about not yet having.

What we are — and aren't

FRN Watch is an early-stage product. We are not currently SOC 2, ISO 27001, or Cyber Essentials certified. We will say so on this page the moment those audits complete — and not before. If a vendor due-diligence questionnaire asks about certifications, the accurate answer is “none yet; on the roadmap.”

Data Protection

UK GDPR

We process personal data under UK GDPR and the Data Protection Act 2018, with a published privacy policy and a data-controller contact.

UK data residency

Customer data is stored in our Supabase project, which is configured in a UK / EU region. We do not sell or share customer data with third parties.

Technical baseline

Encryption in transit & at rest

  • All HTTP traffic is served over TLS (managed by Vercel)
  • Passwords are never stored in plaintext — auth is delegated to Supabase, which hashes them
  • Database storage is encrypted at rest by Supabase (Postgres on AWS)

Access control

  • Authentication is handled by Supabase Auth (email + password)
  • Workspace data is scoped per user; rows you don't own aren't returned by our API
  • SSO (SAML / OIDC) and enforced MFA are not available today — they are on our roadmap and we will list them here when shipped

Infrastructure

  • Hosted on Vercel; database and auth on Supabase
  • Background jobs (FCA polling, notifications) run on Trigger.dev
  • Both Vercel and Supabase provide DDoS protection at the edge

Sub-processors

FRN Watch is built on the following vendors. Their security certifications are theirs, not ours — listed here so you can include them in vendor due diligence.

Vendor        Purpose                    Vendor certifications
Vercel        Hosting / edge             SOC 2 Type II, ISO 27001 (per Vercel)
Supabase      Database, auth, storage    SOC 2 Type II (per Supabase)
Trigger.dev   Background jobs            See trigger.dev/security

Backups & continuity

Database backups are provided by Supabase under their managed plan. We do not currently make formal availability commitments (SLAs) and will not present a specific uptime number until we measure and publish one honestly.

For FCA-regulated firms

FRN Watch may help support certain compliance workflows:

  • Third-party monitoring: Daily polling of the FCA Financial Services Register for firms on your watchlist
  • Audit log: A record of acknowledgements and detected changes inside the product

We are not a substitute for your own internal controls. Need vendor due diligence information? Email security@frnwatch.com.

Reporting security issues

Found a vulnerability? Please report it responsibly:

  1. Email details to security@frnwatch.com
  2. Please don't publicly disclose it until we've had a chance to fix it
  3. We'll acknowledge your report and keep you informed of progress

We're grateful for responsible security researchers and won't take legal action against good-faith reports.

Your responsibility

  • Use a strong, unique password
  • Don't share login credentials
  • Keep the email account you signed up with secure
  • Tell us immediately if you suspect compromise

Questions?

For security or compliance questions, email security@frnwatch.com.