Security

How we protect your documents and data

Your Franchise Disclosure Documents contain sensitive financial and legal information. We take the protection of that data seriously. This page describes the security measures we have in place.

Encryption in Transit

All data transmitted between your browser and FranVantage is encrypted using TLS 1.2 or higher. This includes document uploads, analysis results, and all API communications.

Encryption at Rest

Documents and data stored on our infrastructure are encrypted at rest using AES-256 encryption. This applies to uploaded FDDs, analysis results, and account information.

Cloud Infrastructure

FranVantage is built on cloud infrastructure providers (such as AWS and Supabase) that maintain SOC 2 compliance. We leverage their enterprise-grade physical security, network isolation, and compliance certifications. FranVantage itself has not obtained independent SOC 2 certification at this time.

Access Controls

Access to customer data is restricted through role-based access controls. Authentication is required for all interactions with the platform. Administrative access is limited and audited.

Document Processing

When you upload an FDD for analysis, the document passes through our processing pipeline:

  • Documents are encrypted during upload and remain encrypted at rest
  • Each document is processed within your account's scope — your data is logically separated from other users' data
  • Intermediate processing artifacts are discarded once analysis is complete
  • Your completed analysis and original document are stored securely in your account until you choose to delete them

AI Provider Data Handling

FranVantage uses third-party AI services to process and analyze your documents. We are transparent about how this works:

  • Under the current API and enterprise terms of our AI providers, document content submitted via their APIs is not used to train their models
  • Document content is not retained by providers beyond what is necessary to complete the processing request, per their current API terms
  • All communications with AI providers are encrypted in transit
  • We rely on provider API terms for these protections and do not currently have individually negotiated data processing agreements with each provider

We disclose this honestly because we believe you should understand exactly how your sensitive documents are handled at every stage.

Data Deletion

You can request deletion of your documents and account data at any time. Upon request:

  • Your uploaded documents will be permanently deleted from our primary systems within 30 days
  • Your analysis results will be permanently deleted
  • Your account information will be removed
  • Backup copies will be purged within 90 days

Incident Response

We maintain an incident response process to address security events. In the event of a data breach affecting your personal information or documents, we will notify affected users without unreasonable delay and in accordance with applicable law.

Responsible Disclosure

If you discover a security vulnerability in FranVantage, we ask that you report it to us responsibly. Please email security@franvantage.com with details of the vulnerability.

Safe harbor: We will not pursue legal action against individuals who discover and report security vulnerabilities in good faith, provided they do not access, modify, or delete other users' data, do not disrupt the service, and provide us reasonable time to address the issue before public disclosure.

We will investigate all reports and work to address confirmed vulnerabilities promptly.

Questions

If you have questions about our security practices, contact us at security@franvantage.com.