Skip to main content
SECURITY & TRUST

Security & Trust

FDIE analyzes some of the most sensitive assets your company owns - your firmware. Here’s exactly how we protect it, and how we built the engine underneath it.

Last updated: July 6, 2026

DATA PROTECTION

How your data is protected.

Encryption at rest & in transit

All traffic to the FDIE platform is encrypted in transit via TLS, terminated at our edge and enforced end-to-end to our origin infrastructure. Database connections require TLS as well. Secrets and database credentials are never hardcoded - they are issued dynamically, short-lived, and automatically rotated through a dedicated secrets management system. Firmware images and analysis results are encrypted at rest on our infrastructure providers' managed storage.

Multi-tenant data isolation

Every firmware image, analysis result, and report is scoped to your organization. FDIE’s data model enforces org-level isolation at the database layer - your data is never visible to other tenants.

RBAC & audit logging

Role-based access control governs who can upload firmware, view results, or export reports. Every sensitive action - uploads, exports, user and role changes - is recorded in an audit log.

SSO / SAML (Enterprise)

Enterprise plans support SSO via SAML, so your team signs in with the identity provider you already use - and offboarding is handled centrally.

ENGINE TRANSPARENCY

What FDIE is built on - and under which licenses.

Quick definition: Every component of FDIE's analysis pipeline is built and maintained in-house. No third-party analysis frameworks, no external tools required at runtime. We publish our engine stack and provide a full SBOM of FDIE itself on request.

ComponentLicenseRole in FDIE
In-house extraction engineProprietaryUnpacks firmware images and filesystems across 15+ formats
In-house control-flow & decryption engineProprietaryResolves encrypted partitions and analyzes binary control flow
In-house binary parsing engineProprietaryParses executable and library formats for component identification

We publish our engine stack and provide a full SBOM of FDIE itself on request - the same standard we hold your firmware to.

ACCURACY & FALSE POSITIVES

Auditable accuracy, not a marketing number.

FDIE uses static binary analysis, pattern matching, and CVE database lookups. No machine learning, no probabilistic scoring. Run the same firmware twice and you get identical output. Every finding traces back to a specific binary, line, or configuration value you can verify yourself.

100%

Deterministic

Zero

AI black boxes

Two of the biggest noise sources in firmware scanners, context-free high-entropy secrets and crypto-constant signatures, are suppressed by design.

DATA RETENTION & DELETION

You control how long we keep your data.

Firmware images and analysis results are retained for as long as your account is active, or per your plan's configured retention window. You can request deletion of your firmware images, analysis history, and account data at any time. For full details, see our Privacy Policy.

COMPLIANCE CERTIFICATIONS

Where we are today

SOC 2 Type II - Planned ISO 27001 - Planned

We'll update this page as certifications complete. In the meantime, this Security & Trust page documents our current architecture and controls in detail.

SUB-PROCESSORS

Who we share data with.

We use a small number of sub-processors to operate FDIE. Each is bound by a data processing agreement consistent with our own commitments.

Sub-processorPurposeLocation
Cloud infrastructure providerApplication and data hostingIndia (default; data residency available on Enterprise on-prem)
Email service providerTransactional email deliveryUSA
Dodo PaymentsBilling and invoicingIndia
RESPONSIBLE DISCLOSURE

Found a security issue?

We take vulnerability reports seriously and welcome reports from security researchers. Email us at [email protected] with details and reproduction steps - we'll acknowledge your report and keep you updated as we investigate.

Read our full Responsible Disclosure Policy for scope and ground rules, and see who we've credited so far on our Hall of Fame.

Questions about our security architecture?

Talk to our team directly - we're happy to walk through our architecture with your security or procurement reviewers.

or contact us →