// Trust & Security Report
Fibery Limited
No-code work management and project management platform with relational databases, automations, AI-assisted brainstorming (Fibery AI), and integrations. Available in Standard, Pro, and Enterprise tiers with workspace and group-level access controls.
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on fibery.com“We have a SOC 2 Type II report performed by an independent auditing firm”
Verify on fibery.com“Fibery offers Data Processing Addendum as well as European Union Model Contractual Clauses”
> Show 7 unconfirmed / not-held certifications
source: fibery.comNo public evidence of ISO 27001 certification on vendor domain. Not mentioned in security page, privacy policy, or public documentation.
source: fibery.comyou will not submit to the Service ... any patient, medical or other protected health information regulated by HIPAA
source: fibery.comPayment processing handled through Braintree (third-party provider). Fibery does not directly manage or hold certifications for PCI compliance.
source: fibery.comNo public evidence of ISO 27017 certification on vendor domain.
source: fibery.comNo public evidence of ISO 27018 certification on vendor domain.
source: fibery.comNo public evidence of ISO/IEC 42001 certification. Product includes Fibery AI for brainstorming and task automation, but no AI-governance certifications disclosed.
source: fibery.comNo public evidence of CSA STAR certification on vendor domain.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
EU-oriented: Fibery Limited is registered in Cyprus, uses Standard Contractual Clauses for transfers, and names the Cyprus Data Protection Commissioner as its EU supervisory authority. Servers run on AWS EC2, but the specific AWS region and any multi-region residency options are not disclosed on the vendor domain (the cloud-security page states only that servers are in AWS EC2 data centers).
Fibery offers Fibery AI for brainstorming and task automation. Privacy policy does not explicitly disclose whether customer workspace data is used to train AI models. No opt-out mechanism mentioned for AI training. This is a gap that warrants clarification.
// Security controls
Access Controls
Workspace-level and group-level permissions (Pro and Enterprise plans). SAML-based Single Sign-On (Pro and Enterprise). IP whitelisting available.
fibery.comInfrastructure Provider
Amazon Web Services (AWS) EC2 for compute. Twilio (SendGrid) for email delivery.
fibery.comData Retention
Customer data removed within 6 months after subscription termination. Account owner information retained typically up to 6 years for legitimate business purposes.
fibery.comGeographic Restrictions
As of September 9, 2024, access blocked from: Russia, Belarus, Cuba, Iran, North Korea, Crimea, Sudan, and Syria.
fibery.com// Products & data scope
data: All workspace data. No health/medical data (HIPAA-regulated data prohibited).
Entry-level tier. Includes relational databases, views (table, board, gallery, list, timeline, Gantt, calendar, report, map, feed, form, dashboard), automations, formulas, integrations, and Fibery AI.
data: All workspace data with enhanced access controls. SAML SSO, IP whitelisting available. No health/medical data (HIPAA-regulated data prohibited).
Mid-market tier. Adds group-level permissions, SAML SSO, and IP whitelisting over Standard.
data: All workspace data with full access control granularity. No health/medical data (HIPAA-regulated data prohibited).
Enterprise tier. Adds dedicated support and advanced administrative controls. Specific data-residency region options are not documented on the vendor domain.
data: Workspace data (scope of training not disclosed)
AI-assisted brainstorming and task automation feature. Privacy policy does not explicitly disclose whether workspace data is used to train Fibery AI models. No public opt-out documented.
// What to watch
- SOC 2 Type II certification is from December 2022, over 3 years old. Type II audits are typically renewed every 1-2 years. Vendor should publish current/renewed cert.
- No ISO 27001 certification despite offering enterprise tiers. This is unusual for a growth-stage B2B SaaS platform targeting enterprises.
- Fibery AI feature exists but privacy policy contains no disclosure of whether customer workspace data is used for AI model training. No opt-out mechanism documented. Requires clarification from vendor.
- Not HIPAA-compliant and explicitly prohibits health/medical data. Limits use case in regulated healthcare sector.
- Trust center is not a dedicated subdomain (e.g., trust.fibery.com) but a page within the main site (/security). This is acceptable but less standard than dedicated trust centers.
// At a glance
Pricing model
Subscription-based SaaS with three tiers (Standard, Pro, Enterprise). Enterprise plans available with custom pricing and data residency options.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Fibery Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
fibery.com