Fauna logo
StatusForumsHelpdeskDocumentationTalk to an Expert
Fauna logo
StatusForumsHelpdeskDocumentationTalk to an Expert
© 2024 Fauna, Inc. All Rights Reserved.

System Status

Check Now

Fauna is trusted with your data.

Here’s how we protect it.

Security & Vulnerability Management

security-whitepaper
Security White Paper

Information security at Fauna is fundamental to the company and is incorporated into all aspects of our operations. From our hiring requirements to our software development processes building a secure data API is a core focus.

Read White Paper ->
v-management
Vulnerability Management

Fauna conducts regular third-party penetration tests and runs ongoing vulnerability scans across our infrastructure. In addition, Fauna prioritizes reports of suspected vulnerabilities from our users and independent security researchers.

soc2
SOC2 Report

Fauna’s security controls were developed in accordance with the AICPA’s Trust Services Criteria and our achievements in these areas has been certified by an independent third-party auditor. Our latest SOC2 Type 2 report is available for customer review under NDA.

Request Report ->

Data Privacy and Compliance

service-cert
Fauna Service Certifications

Fauna was designed with security & compliance front-of-mind and is suitable for application development with a number of information security & compliance frameworks. The internal System Development LifeCycle (SDLC) is based on the ISO27000 series of controls as well as the AWS Well-Architected Framework, while the company’s approach to risk and core controls fulfills the requirements of the AICPA SOC2 framework. The EU General Data Protection Regulation (GDPR) strongly influenced the approach to data residency. Check out this article to see how Fauna gives you controls to pin your data to a certain geo-political boundary using Region Groups.

AICPA SOC
GDPR

Availability & Resilience

dist-cluster
Distributed Data

Within Fauna, every write is natively recorded by at least three data nodes, any of which can serve data as needed. So you never lose data. Furthermore, Fauna nodes span multiple public cloud regions to ensure data is highly available and resilient to infra failures and major provider outages.

endpoint
Endpoint-aware Routing

Fauna harnesses the power of distributed data to deliver global low-latency read performance. All application requests are routed to a node nearest to the origin to serve data quickly, a key differentiator for developers who need performant applications.

jepsen
Strong Data Consistency

Fauna was built to ensure data consistency under highly concurrent workloads, a necessity for modern application workloads. To verify its safety, Fauna underwent a thorough Jepsen test in 2019, and was proven to offer strictly serializable transaction isolation-- the gold standard for concurrent systems.

Jepsen Report ->

Agreements

terms
Terms of Use

The Fauna Terms of Use govern the use of, and payment for, Fauna’s database and explains both customer and company obligations. The Terms are available for review at the link below.

Read Terms ->
baa
BAA

For customers processing electronic protected health information (ePHI) within HIPAA-compliant workloads may conclude a Business Associate Agreement to incorporate Fauna as a data layer. Our team can help develop a compliant approach to fit the workload. Contact us to start the discussion.

Contact Us ->
dpa
DPA

For customers which are data controllers or data processors of European personal data, Fauna offers EU-only region groups offering strict data localization in accordance with the requirements of the GDPR. If the application requires transfers of EU personal data to Fauna region groups outside of the EU, we rely on the European Commission Data Protection Agreement. Contact us to discuss specific requirements.

Contact Us ->

Vulnerability Reporting

flag
Bug Bounty Program

Our community and unaffiliated security researchers play an important role in helping to keep Fauna and our customers secure. If you think you have found a security issue in any component of the services listed please inform us.

Download Reporting Policy ->

Vendors

Google
AWS
avatar on white
Cobalt
SalesForce
Atlassian
datadog
Stripe
microsoft