Security and trust

Clear security posture without inflated claims.

This page separates what Frugine has available today from what requires a sales-led review or remains on the roadmap.

Available now

Operational controls already visible in the product.

Available now

Account-based workspace access

Frugine uses Supabase authentication for signed-in workspaces. Public pages remain separate from authenticated dashboard, credits, profile and app routes.

Available now

Shared credit ledger

Paid and consumed credits are recorded through the shared Frugine wallet and ledger path, so usage can be reviewed instead of hidden inside one-off payments.

Available now

Usage and cost visibility

Pricing pages show active credit consumption examples from current rules. Product surfaces expose shared credits and usage-oriented workflow controls.

Available now

Human approval pattern

Frugine positions sensitive workflow actions, such as high-value refunds or policy exceptions, behind human review instead of silent autonomous execution.

Available now

Gateway-based API boundary

Supabase functions are organized behind a gateway pattern for public, authenticated and service-role capabilities, reducing scattered public entry points.

Available now

Production route protection

Authenticated product routes stay behind login. For example, OriginRender redirects unauthenticated visitors to sign in before opening the workspace.

Data handling

What the public site can safely state today.

Provider and data-flow details should stay specific and current. The table below reflects visible code and product architecture, not a blanket compliance claim.

AI gateway
Airaptor gateway is used for graph-backed AI capabilities.
Model providers
Current code references Google Gemini models and selected OpenAI-backed capabilities.
Payments
Stripe Checkout and webhook processing support credit top-ups.
Database and auth
Supabase provides authentication, database and storage foundations.
Sales-led review

Enterprise details that should be scoped before rollout.

Sales-led

Security review packet

Enterprise buyers can request a sales-led security review covering data flows, workspace setup, implementation scope and procurement requirements.

Sales-led

Retention and deletion review

Retention periods, deletion requirements and customer-specific data handling should be reviewed during pilot scoping until public self-serve controls are productized.

Sales-led

Dedicated environment discussion

Dedicated environments are not presented as a self-serve feature. They are handled as an enterprise discussion when deployment constraints require it.

Roadmap and non-claims

No certification shortcuts.

Roadmap

SOC 2 readiness

SOC 2 readiness is in progress. Frugine does not claim a completed SOC 2 audit or certification on this website.

Roadmap

SSO and advanced RBAC

SSO, granular role-based access controls and longer retention policies are positioned as team or enterprise planning items, not current self-serve defaults.

Roadmap

Public DPA and subprocessor page

A public data processing agreement, storage-region statement and model-provider list should be published before claiming broad enterprise compliance coverage.

Not claimed
  • Frugine does not claim completed SOC 2 certification.
  • Frugine does not claim self-serve SSO availability.
  • Frugine does not claim a public DPA is already published.
  • Frugine does not claim private deployment is available without sales review.

Need a security review for a pilot?

Share the workflow, integrations and deployment constraints before committing to a production rollout.

Contact Frugine