Built for operational evidence
Frontelio is built for operational evidence: every critical action is permissioned, timestamped, audit-logged, and exportable.
When you run frontline teams across multiple outlets, trust comes from proof — not promises. Here is how we secure your data, protect your team's privacy, and keep a defensible record of what actually happened.
Security overview
All traffic is encrypted in transit over HTTPS/TLS, and your data is encrypted at rest. Access follows least-privilege principles, and every company runs in its own isolated tenant so one customer's data is never reachable from another's.
Privacy & data processing
Your operational data is yours. We process it only to run your operation — never to sell or share. You can export your data at any time, and we delete it on request once you decide to leave.
Subprocessors
We rely on a short, vetted set of infrastructure providers: cloud hosting, object storage, push notifications, transactional email, and the AI provider that powers photo verification. The full named-subprocessor list is available under NDA / on request.
Uptime & status
Production is continuously monitored with health checks and error tracking, so regressions surface fast and on-call can respond. A public status page is coming soon for real-time visibility into uptime and incidents.
Backups & retention
The database is backed up automatically every day. Evidence and selfie retention is configurable with automatic purge once the window passes, and we maintain a tested restore procedure so recovery is predictable.
Audit logs & access control
Every meaningful action is timestamped and written to an immutable audit log. Permissions run on a 9-role RBAC matrix, with group-level overlays so multi-company owners get exactly the right reach — and nothing more.
AI data handling
AI photo verification runs only on the evidence your team captures, and only to verify the specific task at hand. Your images are not used to train external models. Results are advisory and always reviewable by a human before they count.
Compliance roadmap
We align with UAE PDPL and GDPR data-protection principles today. SOC 2 and ISO 27001 readiness work is in progress — these are on our roadmap and not yet certified. We will publish certificates here once they are achieved.
Four properties on every critical action
Each meaningful change in Frontelio carries the same properties, so what you report to an auditor, a franchisor, or your own leadership holds up to scrutiny.
Every action is gated by role-based access control.
Each event records exactly when it happened.
Critical changes land in an immutable trail.
Pull your records out whenever you need them.
Every clock-in is a reviewable record
This is the kind of record the controls on this page protect. A clock-in carries a live selfie, a GPS pin checked against the outlet geofence, and a precise timestamp — all written to the audit log and approved by a human before it counts.
Selfies and location are captured only for attendance verification, retained for your configured window, and then purged automatically. Nothing here is used to train external AI models.
Subprocessors
We keep our supply chain short and vetted. These are the categories of infrastructure that process your data, what each is for, and where it runs.
- Purpose
- App + database hosting
- Data type
- Operational + account data
- Region
- EU (configurable)
- Purpose
- Photos / evidence files
- Data type
- Images + documents
- Region
- EU (configurable)
- Purpose
- Mobile alerts
- Data type
- Device tokens
- Region
- Global
- Purpose
- Transactional email
- Data type
- Email addresses
- Region
- Global
- Purpose
- Photo verification
- Data type
- Submitted evidence images
- Region
- Processing only
Full named-subprocessor list available under NDA / on request.
Data handling at a glance
Concrete answers to the questions security and procurement teams ask first.
Data & hosting region
EU region by default, with regional hosting options available on request.
Backups
Automated daily database backups with a tested restore procedure.
Retention
Configurable evidence/selfie retention with auto-purge. Audit logs retained 12 months (adjustable by plan).
Export & deletion
Self-serve export at any time. Deletion on request, actioned within 30 days.
Incident response
A named security contact with a target acknowledgement within 1 business day.
DPA
A Data Processing Agreement is available on request for customers who need one.
Security contact
Reporting a vulnerability, or need a DPA, the subprocessor list, or our compliance status? Reach the security team directly — we target acknowledgement within one business day.
You own your data
Your records, photos, and reports belong to your company. We act only as the processor that runs your operation on your behalf.
Isolated by company
Multi-tenant by design with per-company isolation. A group owner sees their own companies — never another customer's data.
Leave cleanly
Export everything on the way out, then request deletion. No hostage data, no lock-in — your evidence travels with you.
For security & procurement reviewers
The deeper detail your reviewers ask for, written to be read. DPA and SLA are provided as templates pending final legal review.
Security practices
Encryption, tenant isolation, RBAC, password hashing, audit logging, backups, infrastructure, and monitoring — in detail.
ReadData Processing Agreement
A readable DPA summary: controller/processor roles, data categories, retention, and sub-processing terms.
ReadSubprocessors
The named providers we use — hosting, storage, push, email, monitoring, and AI — with purpose and region.
ReadService Level Agreement
Our uptime target, support response targets by severity, and maintenance windows.
ReadCompliance posture
UAE PDPL + GDPR alignment, EU data residency, data-subject rights, and the certification roadmap.
ReadRun on evidence, not WhatsApp screenshots.
Permissioned, timestamped, audit-logged, exportable. Give your team a system of record they can actually trust.