
Security at Fentrica

Protecting the energy and infrastructure that powers your world.

Information is a critical asset supporting our cloud-based energy and infrastructure management solutions. Protecting the confidentiality, integrity, and availability of our customers' data is central to our mission and essential for maintaining the trust you place in us.

We operate a comprehensive, risk-based Information Security Management System (ISMS) designed to ensure security is embedded into everything we build and operate.

Our Information Security Management System is aligned with ISO/IEC 27001:2022 and is continuously improved through structured risk management, internal audits, and management review processes.

We process personal data in strict accordance with the General Data Protection Regulation (GDPR) and applicable EU legislation. Data protection principles are embedded into our systems by design and by default.

Customer data is hosted within the European Union unless otherwise contractually agreed. Any international data transfers are conducted using GDPR-compliant safeguards.

Data Protection

We apply strong cryptographic and technical safeguards to protect sensitive information.

Encryption in Transit: All data transmitted to and from Fentrica is protected using TLS 1.2 and TLS 1.3 with authenticated encryption. Every connection is verified, and all communication is encrypted to prevent interception or tampering.

Encryption at Rest: Sensitive data stored in databases and object storage systems is encrypted using industry-standard algorithms such as AES-256.

Data Privacy & Access Control

We believe your data belongs to you. We have engineered our internal systems to ensure that Fentrica personnel cannot access your information without your explicit permission.

Zero-Access Policy: By default, no Fentrica personnel—including support and engineering teams—have access to customer data.

Customer-Led Approval: Access to customer environments is granted only in exceptional circumstances (such as active support requests) and requires explicit customer authorization.

Restricted Executive Oversight: Administrative access required to maintain critical system integrity is strictly limited to designated senior technical roles (CTO and Tech Lead). All privileged actions are logged and governed by the principle of least privilege.

Multi-Factor Authentication (MFA): MFA is strictly enforced for all administrative and critical system access.

Infrastructure Security

Fentrica operates a secure, cloud-native architecture hosted by tier-1 cloud infrastructure providers.

Continuous Monitoring: Our systems are continuously monitored through centralized logging, automated security alerting, and anomaly detection to identify and respond to suspicious activity.

Edge Authorization: To prevent unauthorized remote manipulation, authorization for operational commands is verified directly on the edge device—not solely in the cloud.

Backup & Business Continuity

We maintain encrypted backups and formally documented disaster recovery procedures to ensure service continuity.

Backup processes are regularly tested to verify data integrity and restoration capability. Our business continuity planning ensures rapid recovery in the event of infrastructure disruption.

Security Testing & Vulnerability Management

We value the work of security researchers who spend time and effort helping us make our platform more secure. Security is continuously assessed and improved.

  • Regular internal vulnerability assessments
  • Continuous automated security scanning
  • Risk-based prioritization and remediation
  • Periodic independent penetration testing

Identified vulnerabilities are risk-rated and remediated according to defined response timelines. Critical findings are prioritized for immediate action.

Incident Response & Breach Notification

We maintain a formal Incident Response Plan aligned with ISO/IEC 27001 controls.

In the event of a confirmed security incident affecting customer data, impacted customers are notified without undue delay and in accordance with GDPR requirements. Incidents are investigated, documented, and used to strengthen preventive controls.

Vulnerability Disclosure

We value the work of security researchers and encourage responsible disclosure.

If you believe you have identified a security vulnerability, please contact our security team: security@fentrica.com

Reports are reviewed promptly and handled in accordance with our responsible disclosure practices.

Suppliers and Staff

Security is a shared responsibility across our organization and partner ecosystem.

Supplier Security: Critical third-party providers undergo security evaluation before being permitted to process Fentrica data.

Staff Confidentiality & Training: All employees sign legally binding Non-Disclosure Agreements (NDAs) and complete mandatory information security training.

Access rights are granted based on role and business need and are reviewed regularly.