Diwali offer50% off your first 3 months · free migration · ends 15 Nov
A
AskFitness
SECURITY

Enterprise security, built in from day one

Your data and your members' data is protected with the highest security standards in the industry — independently audited and certified.

CERTIFICATIONS

Independently audited & certified

🔒
SOC 2 Type II
Annual audit by Deloitte
View certificate →
🇪🇺
GDPR Compliant
Full EU data protection compliance
View certificate →
📋
ISO 27001
Certified information security management
View certificate →
💳
PCI DSS Level 1
For payment data processing
View certificate →
PROTECTION

A layered security model

Protecting every surface of the platform — from database to API to browser.

🔐

AES-256 Encryption

All data encrypted at rest using AES-256, in transit with TLS 1.3. End-to-end protection for every byte of your data.

🕵️

Zero-Knowledge Architecture

Your data is never accessible to our engineers without explicit audit-logged authorization. Privacy by design, always.

🌐

Multi-Region Redundancy

Primary: Mumbai, secondary: Singapore. 99.99% uptime SLA with automatic failover and real-time replication.

🛡️

Role-Based Access Control

Granular permissions down to feature level. SSO with Okta, Google Workspace, Azure AD. MFA enforced for all accounts.

📝

Immutable Audit Logs

Every action logged with timestamp, IP, user and device. Immutable, exportable logs for compliance and forensic review.

🔍

Penetration Testing

Quarterly pen tests by CERT-In empanelled firms. Bug bounty program via HackerOne with responsible disclosure policy.

INFRASTRUCTURE

World-class infrastructure

AskFitness runs on AWS Mumbai (ap-south-1) with multi-AZ deployment for high availability. Our primary region ensures compliance with Indian data residency requirements, while our Singapore region provides geo-redundancy.

All infrastructure is managed as code using Terraform, with immutable deployments and automated rollbacks. We maintain a 30-day disaster recovery point objective (RPO) and a 1-hour recovery time objective (RTO).

Our security operations center monitors 24/7 with automated threat detection powered by AWS GuardDuty and a dedicated SIEM platform.

Platform stats
99.99%
Uptime SLA
last 12 months
<50ms
Avg response time
global P95
0
Data breaches
since founding
4
Security audits
per year
BUG BOUNTY

Found a vulnerability?

We reward responsible disclosure. Report security issues through our HackerOne program or contact our security team directly.

security@askfitness.io →

Questions about our security posture?

Talk to our security team. We're happy to share full documentation, audit reports and answer any questions you have.

Contact Security Team →