Your numbers are the business. We treat them that way.
Franc Business holds your client list, contracts and margins — the most sensitive data an agency has. Here is, concretely and without marketing fog, how it's protected.
Strict workspace isolation
Every record belongs to exactly one workspace. Isolation is enforced in the data layer on every single query — reads are filtered, writes are stamped and verified — not just hidden in the interface. One agency can never see another agency's data.
Data hosted in the European Union
The production database runs in Frankfurt, Germany (EU region), with encrypted storage and automated backups. GDPR isn't an afterthought — the platform was architected for EU data residency from day one.
Encryption in transit and at rest
All traffic is HTTPS/TLS. Sessions use encrypted cookies set with the HttpOnly and Secure attributes. Passwords are stored only as bcrypt hashes — we couldn't read them if we wanted to.
Brute-force & abuse protection
Failed logins are rate-limited per account and per IP. Sign-ups are protected by layered bot defenses and per-IP limits. Security events are logged with hashed IP addresses — protection without surveillance.
Suspension & audit controls
Platform-level administrative actions are logged with who/what/when. Workspace access is validated on every request — revoked access takes effect immediately, not at next login.
Your data stays yours
Export your workspace data or request full deletion at any time — it's in our Terms, not just our marketing. Financial figures are explainable down to the entry that produced them.
Sub-processors
Vercel (application hosting & CDN) · Neon (managed PostgreSQL, EU-Frankfurt) · Stripe (payments — card data never touches our servers) · Resend (transactional email). Full details in our Privacy Policy.
Found a vulnerability?
We welcome responsible disclosure. Write to support@franc.business with details and we'll respond promptly. Please don't access data that isn't yours while testing.