// Trust & Security Report

    Fibery Limited logo

    Fibery Limited

    No-code work management and project management platform with relational databases, automations, AI-assisted brainstorming (Fibery AI), and integrations. Available in Standard, Pro, and Enterprise tiers with workspace and group-level access controls.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    We have a SOC 2 Type II report performed by an independent auditing firm

    Verify on fibery.com
    GDPR
    HELD

    Fibery offers Data Processing Addendum as well as European Union Model Contractual Clauses

    Verify on fibery.com
    > Show 7 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification on vendor domain. Not mentioned in security page, privacy policy, or public documentation.

    source: fibery.com
    HIPAA
    NOT CONFIRMED

    you will not submit to the Service ... any patient, medical or other protected health information regulated by HIPAA

    source: fibery.com
    PCI DSS
    NOT CONFIRMED

    Payment processing handled through Braintree (third-party provider). Fibery does not directly manage or hold certifications for PCI compliance.

    source: fibery.com
    ISO 27017
    NOT CONFIRMED

    No public evidence of ISO 27017 certification on vendor domain.

    source: fibery.com
    ISO 27018
    NOT CONFIRMED

    No public evidence of ISO 27018 certification on vendor domain.

    source: fibery.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification. Product includes Fibery AI for brainstorming and task automation, but no AI-governance certifications disclosed.

    source: fibery.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification on vendor domain.

    source: fibery.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    EU-oriented: Fibery Limited is registered in Cyprus, uses Standard Contractual Clauses for transfers, and names the Cyprus Data Protection Commissioner as its EU supervisory authority. Servers run on AWS EC2, but the specific AWS region and any multi-region residency options are not disclosed on the vendor domain (the cloud-security page states only that servers are in AWS EC2 data centers).

    Fibery offers Fibery AI for brainstorming and task automation. Privacy policy does not explicitly disclose whether customer workspace data is used to train AI models. No opt-out mechanism mentioned for AI training. This is a gap that warrants clarification.

    // Security controls

    Encryption in Transit

    TLS encryption with A+ rating on Qualys SSL Labs

    fibery.com

    Encryption at Rest

    All customer data encrypted at rest

    fibery.com

    Backups

    AWS RDS backup solution for datastores containing customer information

    fibery.com

    Activity Logging

    Activity logs stored via Elasticsearch

    fibery.com

    Access Controls

    Workspace-level and group-level permissions (Pro and Enterprise plans). SAML-based Single Sign-On (Pro and Enterprise). IP whitelisting available.

    fibery.com

    Infrastructure Provider

    Amazon Web Services (AWS) EC2 for compute. Twilio (SendGrid) for email delivery.

    fibery.com

    Data Retention

    Customer data removed within 6 months after subscription termination. Account owner information retained typically up to 6 years for legitimate business purposes.

    fibery.com

    Geographic Restrictions

    As of September 9, 2024, access blocked from: Russia, Belarus, Cuba, Iran, North Korea, Crimea, Sudan, and Syria.

    fibery.com

    // Products & data scope

    Fibery StandardWork Management / Project Management

    data: All workspace data. No health/medical data (HIPAA-regulated data prohibited).

    Entry-level tier. Includes relational databases, views (table, board, gallery, list, timeline, Gantt, calendar, report, map, feed, form, dashboard), automations, formulas, integrations, and Fibery AI.

    Fibery ProWork Management / Project Management

    data: All workspace data with enhanced access controls. SAML SSO, IP whitelisting available. No health/medical data (HIPAA-regulated data prohibited).

    Mid-market tier. Adds group-level permissions, SAML SSO, and IP whitelisting over Standard.

    Fibery EnterpriseWork Management / Project Management

    data: All workspace data with full access control granularity. No health/medical data (HIPAA-regulated data prohibited).

    Enterprise tier. Adds dedicated support and advanced administrative controls. Specific data-residency region options are not documented on the vendor domain.

    Fibery AIAI / Automation

    data: Workspace data (scope of training not disclosed)

    AI-assisted brainstorming and task automation feature. Privacy policy does not explicitly disclose whether workspace data is used to train Fibery AI models. No public opt-out documented.

    // What to watch

    • SOC 2 Type II certification is from December 2022, over 3 years old. Type II audits are typically renewed every 1-2 years. Vendor should publish current/renewed cert.
    • No ISO 27001 certification despite offering enterprise tiers. This is unusual for a growth-stage B2B SaaS platform targeting enterprises.
    • Fibery AI feature exists but privacy policy contains no disclosure of whether customer workspace data is used for AI model training. No opt-out mechanism documented. Requires clarification from vendor.
    • Not HIPAA-compliant and explicitly prohibits health/medical data. Limits use case in regulated healthcare sector.
    • Trust center is not a dedicated subdomain (e.g., trust.fibery.com) but a page within the main site (/security). This is acceptable but less standard than dedicated trust centers.

    // At a glance

    Pricing model

    Subscription-based SaaS with three tiers (Standard, Pro, Enterprise). Enterprise plans available with custom pricing and data residency options.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Fibery Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    fibery.com

    > Browse all vendor trust reports