How We Protect Your Data

Your privacy and security are our top priorities. We use industry-leading security measures to protect your information.

Data Protection

Protection at Rest

Your data is protected in our databases through multiple security measures:

  • Row-Level Security (RLS) - Database-level access controls ensure only authorized users can access your data
  • Membership-based access - You can only access data from households where you're a member
  • Role-based permissions - Access is controlled by roles and memberships

Secrets Encryption:

For sensitive information like passwords and access codes (stored as "secrets"), we use additional encryption:

  • AES-256-GCM encryption - An authenticated encryption standard (AES with a 256-bit key in Galois/Counter Mode)
  • Unique initialization vectors (IVs) - Each secret gets its own unique IV, ensuring identical secrets encrypt differently
  • Secure key management - The encryption key is stored securely and is never stored in the database with the encrypted data

Regular data (like appliance information, maintenance records, tasks, etc.) is protected by Row-Level Security. Only secrets receive additional encryption at rest.
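The scheme described under Secrets Encryption, sketched with Node.js's built-in crypto module. This is an added example, not Frantly's code: the function names, the stored layout (IV, tag, ciphertext) and the binding of each ciphertext to a record ID as associated data are assumptions that go beyond what the page states.

```javascript
const crypto = require('node:crypto');

// Constructed demo key. In a real deployment the 32-byte key comes from a
// secrets manager or environment variable, never from the database.
const DEMO_KEY = crypto.randomBytes(32);

// Encrypt one secret. recordId (hypothetical) is bound as associated data so a
// ciphertext copied onto another row fails authentication.
function encryptSecret(key, plaintext, recordId) {
  const iv = crypto.randomBytes(12); // fresh 96-bit IV for every secret
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  // Stored form: iv || tag || ciphertext, base64-encoded for a text column.
  return Buffer.concat([iv, tag, ct]).toString('base64');
}

// Decrypt and authenticate. Returns null on tampering, wrong key or wrong record.
function decryptSecret(key, stored, recordId) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) return null; // too short to hold IV + tag
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv,
      { authTagLength: 16 }); // reject truncated tags
    decipher.setAAD(Buffer.from(recordId, 'utf8'));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed; no plaintext is released
  }
}

// Flip one bit of the stored blob to simulate a modified database value.
function tamper(stored) {
  const raw = Buffer.from(stored, 'base64');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64');
}
```

Because the IV is random per call, encrypting the same secret twice yields different stored values, and because GCM is authenticated, a modified value is rejected rather than decrypted to garbage.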

Encryption in Transit

All data transmitted between your device and Frantly servers is encrypted using:

  • TLS/SSL encryption - The same security used by banks and financial institutions
  • Secure connections - All connections use HTTPS
  • Certificate validation - We verify the security of every connection

Access Controls

Row-Level Security: Database-Level Protection

We use Row-Level Security (RLS) to protect your data. Think of RLS as a security guard built directly into the database that checks every request before allowing access.

How It Works

When you or anyone else tries to access data, the database checks:

  • Are you a member? - You can only see data from households where you're a member
  • What's your role? - Your permissions depend on your role in that household
  • Is this your data? - You can only access information from households you belong to

How Membership Works:

  • If you're a member of multiple households, you can access data from all of them
  • Row-Level Security checks: "Is this data from a household where I'm a member?"
  • The database enforces this check on every query
  • Other users who aren't members of your household cannot access your data

Why This Matters

Multiple Layers of Protection:

  • Application-level security - The Frantly app checks permissions
  • Database-level security - The database itself enforces access rules
  • Defense in depth - Even if there's an issue with the app, the database protects your data

What This Means for You:

  • Membership-based access - You can only access data from households where you're a member
  • Automatic protection - Security is built into the database, not just the app
  • No unauthorized access - Other users who aren't members of your household cannot access your data, even if they try
  • Peace of mind - Your data is protected at the most fundamental level

Real-World Example:

Imagine you're a member of two households: your main home and a vacation property. Row-Level Security ensures:

  • You can access data from both households (because you're a member of both)
  • When you query for data, the database checks membership and returns data from both households
  • Another user who is only a member of your main home can only access that household's data
  • That same user cannot access your vacation property's data (because they're not a member)
  • These access rules are enforced by the database itself, not only by the app
  • Even if someone tries to access a household they're not a member of, the database blocks it

Role-Based Access

Access to your household information is controlled by roles:

  • Owners - Full control over household settings and data
  • Admins - Can manage most settings and content
  • Members - Can view and contribute, with limited management access

Only people you explicitly invite can access your household information. Row-Level Security ensures that even if someone tries to access data they shouldn't, the database will block them based on their role and membership.

Secrets Protection

When you store sensitive information like passwords or access codes:

  • Separate encryption - Secrets use additional encryption beyond standard data protection
  • Never logged - Secret values are never stored in logs or audit trails
  • Secure viewing - Secrets are only decrypted when you explicitly request to view them
  • Audit trail - We log when secrets are viewed (but not their values) for security monitoring

Account Security

Authentication

  • Secure sign-in - We use industry-standard authentication protocols
  • Session management - Your sessions are securely managed and can be reviewed
  • Account recovery - Secure account recovery options if you lose access

Your Control

You have full control over:

  • Who has access - You decide who can see your household information
  • What they can do - You control permissions for each household member
  • Your data - You can export or delete your data at any time

Regular Security Updates

We continuously:

  • Monitor for threats and respond quickly
  • Update our security measures
  • Audit our security practices
  • Follow industry security standards and best practices

Your Privacy Rights

You have the right to:

  • Access your data - See what information we have about you
  • Correct your data - Update or correct your information
  • Delete your data - Request deletion of your account and data
  • Export your data - Get a copy of your data in a standard format
  • Control sharing - Decide who can see your information

Questions About Security?

If you have questions about how we protect your data, please contact support. We're committed to transparency about our security practices.