Security
Your revenue data is your most sensitive asset. Fairway is built with security as a foundation, not an afterthought.
All integration tokens and credentials are encrypted at rest using AES-256-GCM. Data in transit is protected with TLS 1.3. Your CRM credentials never touch our servers in plain text.
Every database query is scoped to the authenticated user. There is no shared data layer. Your pipeline data, transcripts, and outputs are completely isolated from other accounts.
Powered by Supabase Auth with support for email/password and OAuth. Session tokens are short-lived and automatically refreshed. All API endpoints require authentication.
Your data is never used to train AI models. Fairway uses the Anthropic API with zero data retention. Inputs and outputs are processed in real-time and not stored by the AI provider.
Hosted on Vercel’s SOC 2 Type II certified infrastructure. Database hosted on Supabase (SOC 2 Type II). All infrastructure runs in the United States.
Integration connections use OAuth 2.0 with minimal required scopes. Token refresh is automatic with expiry-based rotation. Disconnect any integration instantly and all associated tokens are deleted.
Compliance & Certifications
Fairway is built on SOC 2 Type II certified infrastructure partners (Vercel, Supabase, Anthropic). We are currently pursuing our own SOC 2 Type II certification.
Questions?
If your security team needs additional information, we are happy to complete your security questionnaire or schedule a call. Contact us at security@fairway.ai.
Start Free Trial