Security you can trust

We understand that data migration involves your most sensitive information. That's why security isn't an afterthought—it's built into every layer of Ferry.

< 60 seconds

Average file processing time

7 days

Maximum file retention (configurable)

US & EU

Choose your data residency region

AES-256

Industry-standard encryption

How we protect your data

Every feature is designed with security-first principles. Here's exactly how we keep your data safe.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your files never touch unencrypted storage.

  • TLS 1.3 for all API communications
  • AES-256 encryption for stored files
  • Encrypted database backups
  • Key rotation every 90 days

Secure API Keys

API keys are hashed using SHA-256 before storage. We never store or log plaintext keys.

  • SHA-256 hashing (irreversible)
  • Keys shown only once on creation
  • Instant revocation capability
  • Per-key usage tracking

Zero Data Retention

Uploaded files are automatically deleted after processing. We don't keep your data longer than necessary.

  • Files deleted within 7 days of import
  • Option for immediate deletion
  • No data mining or analysis
  • Complete audit trail

Row Level Security

Every database query is filtered by user ID at the database level. It's impossible to access another user's data.

  • PostgreSQL RLS policies
  • User isolation by design
  • Service role for API only
  • No shared data access

Webhook Signatures

All webhook payloads are signed with HMAC-SHA256. Verify the signature to ensure data integrity.

  • HMAC-SHA256 signatures
  • Timestamp to prevent replay attacks
  • Configurable timeout windows
  • Signature verification libraries provided

Infrastructure Security

Hosted on enterprise-grade infrastructure with automatic security updates and DDoS protection.

  • Cloudflare DDoS protection
  • Supabase managed PostgreSQL
  • Automatic security patches
  • Geographic redundancy

Compliance & Certifications

We're committed to meeting the highest standards of data protection and privacy.

SOC 2 Type II

In Progress

Currently undergoing SOC 2 Type II audit. Expected completion Q2 2026.

GDPR Compliant

Complete

Full GDPR compliance including data portability, right to erasure, and data processing agreements.

CCPA Compliant

Complete

California Consumer Privacy Act compliance with opt-out rights and data disclosure.

HIPAA

Planned

HIPAA compliance planned for healthcare customers. Contact us for BAA requirements.

How your data flows

Complete transparency on what happens to your data from upload to import.

1

Upload

File encrypted in browser, transmitted over TLS 1.3

2

Storage

Stored encrypted (AES-256) in isolated user bucket

3

Processing

AI parses structure, never stores or logs content

4

Import

Signed webhook delivers data to your system

5

Deletion

File purged within 7 days (or on request)

Security Researchers

Found a vulnerability? We appreciate responsible disclosure. Report security issues to us and we'll respond within 24 hours.

security@ferry.dev

We offer a bug bounty program for qualifying vulnerabilities.

Need more details?

Download our security whitepaper or schedule a call with our security team.

Contact Security Team Security Documentation