Fiyr ← Back to home

Last updated: May 28, 2026

Security

Protecting your business and customer data is central to Fiyr. This page summarizes the technical and organizational measures we use to safeguard the Services. For how we collect and use data, see our Privacy Policy.

1. Infrastructure

  • Production systems run on reputable cloud infrastructure with network isolation and monitoring.
  • Data in transit is encrypted using TLS (HTTPS) for web and API communications.
  • Data at rest is encrypted on servers and managed databases where supported by our providers.
  • Access to production environments is restricted to authorized personnel on a need-to-know basis, with logging and multi-factor authentication for administrative access.

2. Authentication and access control

  • Sign-in supports email and third-party identity providers (e.g., Apple, Google) via industry-standard authentication services.
  • Optional app-level PIN, Face ID, or Touch ID on supported devices adds a layer of protection on shared devices.
  • Role-based permissions let business owners control what staff members can view or change.
  • Session tokens are designed to expire; you should sign out on shared devices.

3. Application security

  • We follow secure development practices, including code review and dependency monitoring where feasible.
  • APIs require authentication for business data; we work to prevent unauthorized access and common web vulnerabilities.
  • The mobile app stores data locally using on-device databases for offline use; local data is protected by the operating system’s sandbox and your device passcode/biometrics.
  • Real-time sync is designed to reconcile changes securely when connectivity is restored.

4. Payments

Card payments processed through supported POS or terminal integrations are handled by PCI-compliant payment partners. Fiyr does not store full primary account numbers on our application servers. You must use payment hardware and flows approved by your payment provider.

5. AI receptionist

  • Call and SMS content used for booking is transmitted over encrypted channels to our platform and subprocessors.
  • Transcripts and booking outcomes are stored to provide the feature, improve reliability, and support your business records.
  • You control what business information the AI may reference (hours, services, FAQs). Do not include sensitive data you do not want processed by automated systems.

6. Personnel and vendors

Employees and contractors with access to systems undergo background checks where appropriate and receive security training. Subprocessors that process personal data on our behalf are bound by contractual confidentiality and security obligations. A list of key subprocessors is available on request at security@fiyr.app.

7. Incident response

We maintain procedures to detect, investigate, and respond to security incidents. If we become aware of a breach affecting your personal information, we will notify you and regulators as required by applicable law.

8. Your responsibilities

Security is shared. We recommend that you:

  • use strong, unique passwords and enable biometrics where available;
  • limit staff permissions to what each role needs;
  • keep devices and operating systems updated;
  • comply with applicable laws when collecting customer data and using call recording or SMS;
  • report suspected unauthorized access to security@fiyr.app promptly.

9. Responsible disclosure

If you believe you have found a security vulnerability in our Services, please report it to security@fiyr.app. Include enough detail for us to reproduce the issue. Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to remediate. We do not currently offer a paid bug bounty program but appreciate responsible reports.

10. Compliance

Fiyr is business software for appointment and payment management. We are not a HIPAA-covered entity or a payment card brand. Customers who must meet sector-specific requirements (e.g., healthcare, financial services) are responsible for evaluating whether Fiyr meets their compliance needs and configuring the product accordingly.

11. Contact

Security questions or reports: security@fiyr.app

Fiyr, Inc. · United States