Trust Center

Compliance posture

Where we stand on data-protection law and security standards. We state what we can back up: alignment with UAE PDPL and GDPR principles today, with formal certifications on a clearly marked roadmap.

Last updated: 24 June 2026

Standards & certifications

We will only ever claim what we can evidence. The table below separates principles we align with today from certifications still in progress.

UAE PDPL (Federal Decree-Law No. 45 of 2021): Aligned today

We align with PDPL data-protection principles today as a processor.

EU GDPR principles: Aligned today

Lawful basis, data minimisation, security, and data-subject rights are reflected in how the product and our DPA are built.

SOC 2: Roadmap — not yet certified

Readiness work is in progress. Not yet certified — we will publish the report when achieved.

ISO/IEC 27001: Roadmap — not yet certified

On our roadmap. Not yet certified.

We do not claim SOC 2 or ISO 27001 certification, nor HIPAA or PCI-DSS compliance. If a framework is material to your purchase, ask us where it stands.

Data residency

Customer data is hosted in the EU (Frankfurt) by default. Some global providers (push notifications, email) may process limited data outside the region under appropriate safeguards. Regional hosting options are available on request for customers with specific residency requirements.

Data-subject rights

Because Frontelio is a processor, data-subject requests are normally handled by the customer (the controller). We support the controller in honouring the following rights and provide the tooling to act on them:

Access & portability
Individuals (via their employer, the controller) can obtain a copy of their personal data; customers can export their data in standard formats at any time.
Rectification
Incorrect data can be corrected — most fields are editable directly in the app by an authorised manager or HR user.
Erasure
On a valid request routed through the controller, personal data is deleted, subject to any legal retention the customer must observe.
Restriction & objection
Processing can be restricted while a request is assessed. We act on the controller's documented instructions.

Breach notification

If we become aware of a personal-data breach affecting a customer, we commit to notifying that customer without undue delay and providing the information they reasonably need to meet their own regulatory notification duties. We target acknowledgement of a reported security issue within one business day.

Governance

Frontelio is operated by MISSAN COMPUTER L.L.C.SP (Sharjah, UAE; Trade Licence 527553). We maintain a named security contact, the technical controls described on our security practices page, and a Data Processing Agreement available on request. For the current status of any certification or a copy of our compliance documentation, contact support@frontelio.com.

Need this for procurement?

We can provide a signed DPA, the full named-subprocessor list, and our current compliance status on request. We target acknowledgement within one business day.
