Fauna is trusted with your data.
Here’s how we protect it.
Security & Vulnerability Management
Information security at Fauna is fundamental to the company and is incorporated into all aspects of our operations. From our hiring requirements to our software development processes building a secure data API is a core focus.
Fauna conducts regular third-party penetration tests and runs ongoing vulnerability scans across our infrastructure. In addition, Fauna prioritizes reports of suspected vulnerabilities from our users and independent security researchers.
Fauna’s security controls were developed in accordance with the AICPA’s Trust Services Criteria and our achievements in these areas has been certified by an independent third-party auditor. Our 2021 SOC2 Type 2 report is available for customer review under NDA.
Data Privacy and Compliance
Fauna was designed with security & compliance front-of-mind and is suitable for application development with a number of information security & compliance frameworks. The internal System Development LifeCycle (SDLC) is based on the ISO27000 series of controls as well as the AWS Well-Architected Framework, while the company’s approach to risk and core controls fulfills the requirements of the AICPA SOC2 framework. The EU General Data Protection Regulation (GDPR) strongly influenced the approach to data residency. Check out this article to see how Fauna gives you controls to pin your data to a certain geo-political boundary using Region Groups.
Availability & Resilience
Within Fauna, every write is natively recorded by at least three data nodes, any of which can serve data as needed. So you never lose data. Furthermore, Fauna nodes span multiple public cloud regions to ensure data is highly available and resilient to infra failures and major provider outages.
Fauna harnesses the power of distributed data to deliver global low-latency read performance. All application requests are routed to a node nearest to the origin to serve data quickly, a key differentiator for developers who need performant applications.
Fauna was built to ensure data consistency under highly concurrent workloads, a necessity for modern application workloads. To verify its safety, Fauna underwent a thorough Jepsen test in 2019, and was proven to offer strictly serializable transaction isolation-- the gold standard for concurrent systems.
For customers processing electronic protected health information (ePHI) within HIPAA-compliant workloads may conclude a Business Associate Agreement to incorporate Fauna as a data layer. Our team can help develop a compliant approach to fit the workload. Contact us to start the discussion.
For customers which are data controllers or data processors of European personal data, Fauna offers EU-only region groups offering strict data localization in accordance with the requirements of the GDPR. If the application requires transfers of EU personal data to Fauna region groups outside of the EU, we rely on the European Commission Data Protection Agreement. Contact us to discuss specific requirements.
Our community and unaffiliated security researchers play an important role in helping to keep Fauna and our customers secure. If you think you have found a security issue in any component of the services listed please inform us.