Skip to content

Security & Compliance

We keep your data secure.
Ensuring the security and confidentiality of our customers’ data is the number one priority at FreeAgent. The FreeAgent Trust Program encompasses and represents the security, compliance, and privacy controls and features that protect our customers’ most sensitive data.

Our Security Program

Our security program is driven not only by a strong culture of security but also by a comprehensive set of policies and procedures that govern and guide our day-to-day activities. FreeAgent has adopted a zero trust strategy.

To learn more about FreeAgent’s Security and Compliance, you can download the document here:

Security & Compliance Overview

ISO 27001

CSA STAR Level 1

Google OAuth Compliance

Data Security

Security matters.
We’ve invested in a better way to protect and safeguard your data. We encrypt your data in-transit and at-rest and use Amazon VPC private subnets.

In-Transit Data Encyption

Encryption in transit. All inbound/outbound communication outside of our private data network is always encrypted using secure TLS 1.2/1.3 protocols.

At-Rest Data Encyption

Encryption at REST. Data stored on servers in our private network are always encrypted using secure AWS KMS technology with keys that are periodically rotated, ensuring physical access to disk storage is completely secured.

Continuous Backups

FreeAgent Data is continuously backed up and available to be restored in case of potential data loss. Backups are securely stored at REST using AWS KMS technology.

Data Isolation

Each customer’s data is logically separated from one another in a manner that data never co-exists, ensuring a high level of isolation.

Data Integrity

Data stored in FreeAgent is continually replicated, storing 6 copies of data across 3 separate data centers, ensuring high levels of data durability.


Continuous Uptime

No Scheduled maintenance downtime, our customers can expect service to be up 24/7 throughout the year.

Redundant Backup

Compute and Data infrastructure is architected to be redundant across physical data center locations, ensuring completely automated disaster recovery for our customers.

Monitored Response Times

The FreeAgent platform ensures sub-second response times for >95% of our requests we continually monitor and publish metrics at:

Operational Security

Threat Detection

All network traffic to our data centers are continually audited and monitored using advanced intelligent threat detection software.

Policy Management

Strict policies in place for infrastructure configuration management, which are continually monitored with automated alerts for any breaches in established policies.

Consistent Security Audits

We use a combination of automated and periodic 3rd party penetration testing performed by vendors to minimize vulnerabilities.

Application Security

Secure your data from internal risks with custom roles and ACLs. 

Simple Security Setup

The FreeAgent platform provides one of the most advanced and easy to set up security controls for our customers, with no impact on performance. A feature unique to FreeAgent in the CRM industry.

Record Level Access

Read, Create, Update, and Delete operations are based on advanced conditional filters for controlling access to the subset data.

Field level Access

Access and modification operations can be controlled for sensitive data within records themselves.

Role Specific Configuration

Access to navigation, form rules, and automations. All of our platform configurations can be customized to apply to specific sets of roles.

Team Configuration

Hierarchical data visibility setup via teams. Ensure data access is logically separated across different teams in your organization.

Compliance Certifications

ISO 27001 Certification

At FreeAgent, we are committed to maintaining a strong information security practice that aligns with industry standards. Our information security framework is based on the ISO 27001:2013 standard, which serves as a comprehensive guide for establishing, implementing, maintaining, and continually improving information security management systems.

We are proud to announce that FreeAgent has achieved ISO 27001 certification, validating our adherence to this globally recognized standard. This certification demonstrates our dedication to protecting the confidentiality, integrity, and availability of information assets, as well as our commitment to maintaining the highest levels of information security across our organization.

As part of this certification, FreeAgent undergoes an annual external audit conducted by independent third-party auditors. This audit process rigorously assesses our information security management systems and practices against the ISO 27001:2013 standard, ensuring the ongoing effectiveness and continuous improvement of our information security controls. This annual external audit further reinforces our dedication to maintaining a robust and secure environment for our customers' data.

You can request our ISO 27001 certificate by visiting the following link:

Request Certification
CSA STAR Level 1 Compliant

FreeAgent proudly holds CSA Start Level 1 certification, demonstrating our commitment to maintaining secure and reliable SaaS services.

This certification validates our adherence to industry best practices and ensures the protection of customer data.

For more information or to request our certification, visit:

Request Certification
GDPR Compliant

At FreeAgent, we place a strong emphasis on compliance with data protection regulations, particularly the General Data Protection Regulation (GDPR). We have implemented robust measures to ensure that our practices align with the requirements outlined in the GDPR.

Furthermore, FreeAgent undergoes an annual attestation against GDPR regulations conducted by an independent third-party auditor. This attestation process thoroughly evaluates our adherence to the principles and obligations set forth by the GDPR, such as data subject rights, lawful basis for processing, data protection impact assessments, and data breach notifications. By subjecting ourselves to this annual assessment, we demonstrate our commitment to maintaining the highest standards of data protection and privacy for our customers.

You can request our attestation certificate by visiting the following link:

Request Certification
HIPAA Compliant (BAA Included) BAA Included

FreeAgent is compliant with the Health Insurance Portability and Accountability Act (HIPAA). We understand the importance of protecting sensitive healthcare information, and we have implemented comprehensive measures to ensure HIPAA compliance throughout our organization.

To further validate our commitment to maintaining the highest standards of data protection in the healthcare industry, FreeAgent undergoes an annual attestation conducted by an independent third-party auditor. This attestation process thoroughly assesses our adherence to the privacy, security, and breach notification provisions of HIPAA. By regularly undergoing these assessments, we continuously strive to uphold the privacy and security of protected health information (PHI) and demonstrate our unwavering commitment to HIPAA compliance.

You can request our attestation certificate by visiting the following link:

Request Certification
Google OAuth Compliance

FreeAgent prioritizes the security of our customers' integration data. As part of our commitment, we regularly undergo compliance assessments with integration partners like Google.

This ensures that our integration processes are fully compliant with Google OAuth standards, providing a secure environment for our customers' data.

You can request our attestation certificate by visiting the following link:

Request Certification