Frugal Public Trust Center
Explore our security practices, compliance certifications, and data protection measures. We believe transparency is the foundation of trust.
Security at a Glance
SOC 2 Type II
Security, Availability, Confidentiality
Encrypted at Rest
AES-256 encryption
TLS 1.2+
All external connections
SSO / RBAC
Federated identity & default-deny access
Zero AI Training
Your data never trains models
Tenant Isolation
Dedicated environment per customer
Source Code Protection
How Frugal Safeguards Your Source Code
Frugal reads your source code to attribute cloud costs to the code that drives them. Here's how we protect it.
1
Scoped Access
You Choose What We Can See
You choose which repositories to connect. Frugal only accesses what you explicitly grant, using read-only credentials or short-lived installation tokens. Repositories are cloned over HTTPS (TLS 1.2+). Frugal cannot push code, merge pull requests, modify branches, or change repository settings.
2
Isolated Storage
Encrypted, Isolated, Deleted in 72 Hours
A deterministic (non-AI) task clones the repository into an isolated container with its own dedicated encrypted volume. Each clone gets its own volume — no shared storage between tasks or tenants. All volumes are encrypted at rest (AES-256).
Your source code is never stored in Frugal's database — only structured analysis results are persisted. Cloned repositories are automatically deleted 72 hours after creation, and may be deleted sooner through normal operations. All customer data lives within a dedicated namespace that can be fully destroyed on request, removing all source code, credentials, and results in a single operation.
3
Sandboxed Analysis
AI Never Gets Your Credentials
Your source code is processed by two types of Frugal tasks: deterministic analysis tasks and AI-assisted analysis tasks. Both run in isolated containers that are non-root, unprivileged, and destroyed after task completion. All Frugal code is developed under our SDLC with risk-based review and approval controls — including peer review, automated analysis, and security scanning — and CI checks.
There are additional controls for AI tasks. AI tasks run in a separate container and receive a read-only mount of the cloned repository. AI containers never receive your credentials — your tokens and keys are used by the orchestration layer only. AI containers cannot reach the internet directly — outbound traffic is restricted to a domain allowlist of required endpoints only. All other traffic is blocked.
Source code is sent to the AI model for analysis under a zero-retention agreement. The model provider may not train on your content, does not have access to prompts or outputs, and disclaims any rights to your content.
4
Restricted Access
No Ad-Hoc Access to Your Code
Your source code is stored on encrypted volumes inside a private cluster with no public endpoints. Direct access to the production cluster is limited to designated engineers with a specific operational need; all infrastructure changes go through peer-reviewed Infrastructure as Code with short-lived federated credentials. There is no ad-hoc path to access, copy, or extract data from the volumes holding your source code outside of the application's controlled processing pipeline.
At the application layer, Frugal employees may access your tenant via approved Forward Deployed Engineer accounts or time-limited, audited support impersonation sessions — but neither provides a direct path to cloned source code on disk.
Tenant Isolation
Your Data Lives in Its Own World
Every customer gets a fully isolated environment — separated at every layer of the stack.
Dedicated Environment
Your workloads run in a separate namespace with dedicated resource quotas.
Network Isolation
Default-deny network policies block all cross-tenant traffic.
Separate Database
Your data lives in its own database instance with dedicated credentials.
Isolated Credentials
Your connector secrets are scoped and separated from other tenants.
Dedicated Identity
Each tenant has its own service accounts and IAM bindings.
Access Control
Default-deny access control checked on every request before business logic executes.
Security by Design
Security Built Into Everything We Do
Our platform is architected around five non-negotiable security principles.
Tenant-level isolation
Each customer is a separate tenant with isolation enforced across the application, storage, and network layers.
Read-only system access
Least-privilege access to your source code, cloud billing, and observability data. We publish scripts to make provisioning explicit and auditable.
Fully sandboxed AI execution
AI agents run in isolated containers without your credentials. We fetch data using deterministic code first, then hand only the results to AI for analysis.
You control every change
No automated changes to your systems. Frugal Fixes require your review and are applied via PR using your own GitHub/GitLab identity.
Standards-based identity and SSO
SSO and identity federation are delegated to a specialist identity provider. No Frugal-managed passwords or user credential storage.
Organizational Security
How We Run a Secure Organization
Formal policies, continuous compliance, and a security-aware culture across the company.
Secure Development Lifecycle
Risk-based review and approval controls on all changes — including peer review, automated analysis, and security scanning — with branch protection enforced on production repositories. Static analysis and dependency scanning on code and container images. CI/CD authenticates via short-lived federated credentials — no long-lived keys. Application containers run non-root with privilege escalation disabled.
Logging, Detection, and Response
Structured logging with allowlist-based secret masking — sensitive values are never logged. Severity-based incident classification with defined resolution targets. Emergency response team mobilised for major incidents. Post-incident reviews with root cause analysis for significant events.
Risk and Vendor Management
Quarterly risk assessments evaluating likelihood and impact. Tracked risk register with treatment plans for Medium-rated risks and above. All third-party vendors assessed before onboarding.
Audits and Compliance
SOC 2 Type II attestation (Security, Availability, Confidentiality) with unqualified opinion. Continuous compliance automation and centralized oversight. All policies reviewed at least annually.
Business Continuity and Disaster Recovery
Formal DR and BCP plans tested and reviewed at least annually. Defined recovery time and recovery point objectives. Stateless application architecture with automatic infrastructure scaling and node replacement.
Endpoint and Personnel Security
Company-issued devices with endpoint protection, disk encryption, and screen lock enforced. Mandatory security awareness training for all employees.
Resources
More Resources
Access our compliance documentation and engage our security team directly.
SOC 2 Type II Report
Independently audited (Jul–Sep 2025). Covers Security, Availability, and Confidentiality. Unqualified opinion, no exceptions. Available on request under NDA.
Customer Trust Center →Security Questionnaires
We complete SIG, CAIQ, and custom security questionnaires. Architecture review calls available with your infosec team on request.
Get in touch →Penetration Testing
Frugal engages an external penetration tester on a regular basis. Results are available to customers and prospects on request under NDA.
Customer Trust Center →Vulnerability Disclosure Policy
If you believe you've found a security vulnerability in Frugal, we want to hear from you. Our disclosure policy outlines how to report responsibly and what to expect.
View policy →Questions About Security?
Our team is available for security architecture reviews, questionnaire completion, and compliance discussions.
