Public Security Documentation

There are lots of articles about how to use Fauna securely, but what I’d also like to see is a page detailing the security practices of Fauna the company and product itself. Lots of companies have a “Security” link at the footer of their homepages, so maybe https://fauna.com/ could have one near “Features” and “Pricing.”

It would go a long way to establishing trust for Fauna’s customers (and if B2B, Fauna’s customers’ customers). Ideally it could outline things like:

  • Encryption in-transit and at-rest?
    • I’ve seen forum posts, but no official documentation of this.
  • Certifications such as SOC2, ISO, etc.
  • Internal practices, software development lifecycle, etc.
  • Penetration testing, either results or at least frequency
  • Subprocessors
  • Backup strategy