Skip to main content

Security at Fido

How we protect interpreting agencies, schools, healthcare teams, and the Deaf consumers they serve, at every layer of the platform.

Last updated June 27, 2026

Security overview

Fido protects confidentiality at every layer. We serve interpreting agencies, school districts, and healthcare teams who handle sensitive information, and Deaf consumers who trust us with their schedules, preferences, and accommodations. Security and privacy are foundational to the product, not bolted on.

Compliance and certifications

SOC 2 Type IISecurity, availability, confidentiality
ISO/IEC 27001Information security management
HIPAABAA available
FERPASchool-official exception
HECVATHigher-ed assessment on request
WCAG 2.2 AAAccessibility

Working toward, and continuously verifying. Some certifications listed reflect programs we maintain on an ongoing audited basis; others reflect frameworks we are aligned to and can evidence on request. Reports and questionnaires (SOC 2, HECVAT, CAIQ) are available to customers and qualified prospects under NDA, contact security@fetchfido.ai.

Encryption

  • In transit: all traffic is encrypted with TLS 1.2 or higher.
  • At rest: data, files, and backups are encrypted using AES-256.
  • Encryption keys are managed by our cloud provider’s key-management service and rotated on a regular schedule.

Infrastructure and availability

The Fido platform runs on hardened, enterprise-grade cloud infrastructure on Amazon Web Services (AWS); our marketing website is hosted separately on Kinsta (Google Cloud Platform). We use multiple availability zones, automated failover, and continuous health monitoring. Disaster-recovery procedures are tested regularly, with defined recovery objectives.

AI and your data

Fido’s built-in AI assistant is powered by Anthropic’s Claude models. When you use it, only the data the signed-in user is already authorized to see and the current conversation are sent to the model to generate a response, never data from other organizations, deleted records, or previous sessions. Your data is not used to train AI models, and Anthropic does not train on data submitted through its API. Organizations may instead connect their own AI provider key (bring-your-own), in which case AI runs under their own provider account. See the Privacy Policy for the full breakdown.

Access control and authentication

  • Single sign-on (SSO): sign in with Google or Microsoft.
  • Role-based access: organization admins, schedulers, providers, clients, and consumers each see only what their role allows, for example, a consumer never sees billing, and a client never sees provider pay.
  • Least privilege: internal access to production data is restricted to staff who need it, reviewed periodically, and revoked promptly on role change or departure.
  • All access to sensitive actions is logged.

Multi-tenant data isolation

Fido is multi-tenant: every organization operates in its own logically isolated environment on shared, continuously maintained infrastructure. One organization cannot see, query, or modify another organization’s data. Data is shared across organizations only when a provider or customer explicitly opts in through the Fido Network model, and only to the extent they choose.

Monitoring, logging, and incident response

We monitor for unauthorized access and anomalous activity, retain audit logs, and maintain a documented incident-response process covering detection, containment, remediation, and notification. If a security incident affects your data, we will notify affected customers without undue delay and in accordance with applicable law and contractual commitments.

Vulnerability management and testing

  • Third-party penetration testing on a recurring basis.
  • Automated dependency and vulnerability scanning in our development pipeline.
  • Prompt, risk-prioritized remediation of identified issues.

Backups and resilience

Encrypted backups are taken on an automated schedule and stored redundantly so we can restore service and data in the event of failure. Backup restoration is tested as part of our disaster-recovery program.

People and vendors

Staff with access to customer data are subject to background screening where permitted, sign confidentiality agreements, and complete security and privacy training. We use vetted subprocessors under data-protection agreements; a current list is in our Privacy Policy and available on request.

HIPAA (healthcare)

Where Fido is used to coordinate interpreting for healthcare providers, we can act as a Business Associate under HIPAA and will enter into a Business Associate Agreement (BAA). Protected Health Information is encrypted, access-controlled, and access-logged, and staff who may encounter it complete HIPAA training. Request a BAA at security@fetchfido.ai.

FERPA (education)

When school districts and educational institutions use Fido, we operate as a school-official-exception service provider under FERPA (20 U.S.C. § 1232g). Student education records are used only to provide the service, are never sold or re-disclosed, and are strictly isolated, one district can never see another’s data. We can support district vendor reviews and provide a completed HECVAT on request.

Responsible disclosure

If you believe you have found a security vulnerability, please email security@fetchfido.ai with the details. Please do not publicly disclose the issue until we have had a chance to address it. We commit to acknowledging your report promptly, keeping you updated, and crediting researchers who report responsibly.