01
Where your data lives.
Froniva runs on Google Cloud Platform in europe-west4 — Eemshaven and Amsterdam, Netherlands. Every byte of customer data — your prices, your invoices, your CRM exports — is stored, processed, and backed up inside the EU. We do not replicate to US regions. We do not use US-based subprocessors for customer data storage.
- Region: europe-west4 (NL)
- Provider: Google Cloud Platform
- CDN edge: Fastly (FRA, AMS)
- Backups: Daily, EU-only, 30-day retention
02
How it's encrypted.
TLS 1.3 in transit, AES-256 at rest. ERP credentials (Zoho OAuth refresh tokens, weclapp API keys, BMD endpoints) are encrypted per-tenant and never leave Google Secret Manager except at the moment of an authenticated API call. We do not log raw credential values, ever.
- In transit: TLS 1.3 (HSTS-preloaded)
- At rest: AES-256, GCP-managed keys
- Secrets: Per-tenant in Google Secret Manager
03
Two-phase approval on price changes.
Every recommendation Froniva makes is pending approval until a human acknowledges it. Recommendations with a ≥15% delta against the current item rate require a second approver — a different user, recorded by name and timestamp — before they sync to your ERP. Smaller deltas need only the first approval. Nothing writes silently.
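The approval rule above, as an added sketch that is not Froniva's code: it shows the two checks such a gate needs at its edges, an exact threshold comparison and counting distinct people rather than approval records. All names, the treatment of price decreases as a delta, and the user-name normalization are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal

THRESHOLD_PCT = Decimal(15)  # from the page: a >=15% delta needs a second approver


@dataclass(frozen=True)
class Approval:
    user: str      # approver, recorded by name
    at: datetime   # approval timestamp


def needs_second_approver(current_rate: Decimal, new_rate: Decimal) -> bool:
    """True when |new - current| is at least 15% of the current item rate."""
    if current_rate <= 0:
        raise ValueError("current item rate must be positive")
    # Cross-multiplied Decimal comparison: no division and no float rounding,
    # so a change of exactly 15% cannot slip under the threshold.
    # Assumption: increases and decreases both count as a delta.
    return abs(new_rate - current_rate) * 100 >= THRESHOLD_PCT * current_rate


def may_sync(current_rate: Decimal, new_rate: Decimal,
             approvals: list[Approval]) -> tuple[bool, str]:
    """Decide whether a pending recommendation may be written to the ERP."""
    # Count distinct people, not records: one user approving twice must not
    # satisfy the second-approver requirement. Normalization is an assumption.
    approvers = {a.user.strip().casefold() for a in approvals}
    approvers.discard("")
    required = 2 if needs_second_approver(current_rate, new_rate) else 1
    if len(approvers) >= required:
        return True, f"approved by {len(approvers)} user(s), {required} required"
    if not approvers:
        return False, "pending: no human approval yet"
    return False, "pending: second approver (a different user) required"


if __name__ == "__main__":
    # Constructed sample data, not real approvals.
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    same_user_twice = [Approval("anna", now), Approval("Anna ", now)]
    print(may_sync(Decimal("1.00"), Decimal("1.15"), same_user_twice))
    print(may_sync(Decimal("1.00"), Decimal("1.15"),
                   [Approval("anna", now), Approval("ben", now)]))
```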
04
The audit trail.
Every approval, every override, every sync to your ERP is logged with the recommending model run, the user who approved it, the user who second-approved (if applicable), the original item rate, the new item rate, and the timestamp. The audit log is exportable as CSV at any time. We retain it for the lifetime of the contract plus seven years; you can also pull a complete copy on offboarding.
05
What the AI sees — and doesn't.
Recommendations come from Anthropic Claude Sonnet 4.6 via the Anthropic API. We use the no-training-on-customer-data tier — your prices, your invoices, your CRM data are never used to train Anthropic's models or anyone else's. The model sees only the structured numeric inputs needed to issue a recommendation (channel prices, segment bands, your historical margins, the day's wholesale prints). It does not see customer names, contact details, contract terms, or anything that resembles personal data.
06
GDPR & the analytics on this page.
Valstan GmbH (Zurich, Switzerland) is the data controller. A customer-facing GDPR DPA is available on request and is signed before any data exchange. The site you're reading uses Plausible Analytics — no cookies, no cross-site tracking, no personal data, EU-hosted. We don't use Google Analytics. We don't use Meta pixels. We don't run third-party advertising tags.
07
SOC 2 & ISO 27001 trajectory.
We are pre-SOC 2. The controls above (EU-only data residency, encryption, two-phase approval, full audit trail, no-training AI tier, no third-party trackers) are the substance of what SOC 2 Type II eventually attests to. Formal SOC 2 Type I is on the 2026 roadmap; ISO 27001 follows in 2027 once the first DACH cooperative deployments give us the production scale to defend the audit fee. We will publish the audit reports here when they exist; we will not claim them before they do.
08
Whose data is it.
Yours. Always. Your prices, your invoices, your CRM exports, your audit log, your scraper outputs — all of it remains your property. On contract end you receive a complete export within 30 days. We retain only what we are legally obligated to keep (fiscal records under Swiss + EU law); the rest is irrevocably deleted on confirmation.
09
Reporting a vulnerability.
If you find anything that looks like a vulnerability — in the platform, in this site, in our integrations — write to security@froniva.ai. We acknowledge within 24 hours and respond with a triage timeline within 72. Coordinated disclosure preferred; no bug bounty yet, but we credit publicly with permission and reciprocate seriously.