Fctr Identity
Trust Center

Security is our product, not an afterthought.

Fctr Identity is built on a Zero-Data architecture focused on minimizing retained sensitive data, with tiered retention of 1-day runtime logs, 30-day masked audit metadata, and 3-year hashed billing metrics.

In-memory identity processing
PII-masked audit metadata retained for 30 days
Hosted on Google Cloud Platform in the United States

Zero-Data Architecture

Fctr Identity Portal is designed to avoid storing raw end-user identity data or credentials at rest. Identity data is retrieved in real time from your Identity Provider (Okta or Entra ID), processed in memory for verification, and discarded at session end. Fctr retains only limited operational records: runtime logs for approximately 1 day, masked audit and request metadata for approximately 30 days, and hashed billing identifiers for approximately 3 years.

Compliance & Infrastructure

Compliance Posture

NIST 800-63B AAL2 Enforced
SOC 2 Controls Aligned
GDPR DPA Available
CCPA Privacy Controls

Infrastructure Sub-processors

Google Cloud Platform: SOC 2 Type II
Cloudflare: SOC 2 Type II

Security Controls & Enforcement

Continuously Enforced

Data Security

Zero-Data Architecture — No Raw Identity Data at Rest
PII Shielding at Application Layer
In-Memory Processing Only

Audit & Logging

Structured, PII-Masked Audit Logs
Managed Google Cloud Logging & Storage
Tiered retention: 1-day runtime logs, 30-day masked audit metadata, 3-year hashed billing metrics

Authentication & Access

NIST 800-63B AAL2 Enforcement
SAML 2.0 / OIDC Single Sign-On
Time-Limited MFA Verification Sessions
Granular RBAC Permission Tiers
Least-Privilege API Token Scopes

Network & Vulnerability Defenses

Cloudflare Edge / DDoS Protection
Rate Limiting on All Endpoints
HSTS, CSP, X-Frame-Options Headers
SAST & SCA (CodeQL, Snyk, Dependabot)
SBOM Generation via Dependency Graph

Integrations

Okta Integration Network: Listed & verified integration
Microsoft Entra ID: Supported (Graph API & MSAL)
SAML 2.0 / OIDC: Supported (enterprise SSO)

Published Policies & Resources