Security at Fixly
Fixly is built for the security expectations of public-sector buyers. This page summarizes our controls; a full security packet (SIG, CAIQ, pen-test summary) is available under NDA.
- SOC 2 Type II program in place
- SSO via SAML and OpenID Connect
- Role-based access control with full audit logs
- TLS 1.2+ in transit, AES-256 at rest
- Annual third-party penetration testing
Controls
The controls that matter to procurement
Encryption
TLS 1.2+ for data in transit and AES-256 for data at rest. Keys managed by our cloud provider's KMS.
Identity & access
SAML and OIDC SSO, SCIM provisioning, RBAC, MFA enforcement and session controls.
Auditability
Immutable audit logs of every administrative and data-access action, exportable on demand.
Compliance
SOC 2 Type II in progress. Alignment with NIST 800-53 control families relevant to municipal customers.
Data residency
Where your data lives
Customer data is hosted in the region you select at onboarding. Regional data residency is available for qualifying customers, including dedicated tenancy options for high-sensitivity workloads.
Incident response
When something goes wrong
We maintain a 24/7 on-call rotation for security incidents. Customers receive notification within the timelines defined in our DPA, with a written post-incident report for any confirmed breach.
Ready to modernize your city operations?
Join the cities making service requests faster, transparent, and measurable.