Trust Center
Security, privacy, and compliance you can verify.
FMCG Cloud runs the route to market on one data model, so we treat the security and privacy of that data as the product. This page states our posture as it stands today — including what’s still in progress.
Compliance & certifications
We list each item with its real status — certified, aligned, in progress, or on the roadmap — and never claim a certification we don’t hold.
SOC 2
A SOC 2 Type II examination is underway. We’ll publish the report here and share it under NDA on request once available.
GDPR & CCPA
We process personal data on a lawful basis with data-subject and consumer rights honoured. A Data Processing Addendum is available for customers.
ISO 27001
Not yet certified — listed here transparently. We operate to an ISO-27001-aligned control set and will pursue formal certification as we scale.
How we protect your data
Encryption everywhere
All traffic is served over TLS; data is encrypted at rest by our cloud provider. Secrets are held in a managed secret store, never in source or images.
Least-privilege access
Service-to-service calls use scoped credentials. A strict Content-Security-Policy with per-request nonces is enforced on every page.
Tenant isolation
Each customer is a separate tenant. Data access is scoped per tenant; we do not use one tenant’s data to train models for another without explicit opt-in.
Auditability
Administrative and credit actions are recorded to an audit trail, and platform activity is logged for security monitoring and investigation.
Subprocessors
The infrastructure providers we rely on to deliver the service. Current and non-exhaustive; we’ll update this list as it changes.
Questions about security?
For security reviews, a DPA, or to report a vulnerability, get in touch and we’ll route you to the right person. Our data practices are detailed in the Privacy Policy; live service status is on the status page.
Contact us