Enterprise-Grade Trust & Security
Your data is protected by AES-256 encryption, infrastructure built on certified platforms, and AI-powered monitoring that never sleeps.
Certified Infrastructure
Built on SOC 2 Type II certified platforms including Supabase, Vercel, and Railway
End-to-End Encryption
AES-256 encryption at rest and TLS 1.3 in transit protect your data at every stage
AI-Powered Monitoring
Dedicated AI agents perform hourly health checks, automated backups, and real-time anomaly detection
Infrastructure Compliance
Fathom is built on infrastructure from partners who maintain rigorous, independently audited security certifications.
Database & Authentication — Supabase
SOC 2 Type II · HIPAA Eligible
Customer data is stored in Supabase, which maintains SOC 2 Type II certification and HIPAA eligibility. Row-level security enforces strict tenant isolation.
Application Infrastructure — Railway
SOC 2 Type II Certified
API servers and data processing pipelines run on Railway, a SOC 2 Type II certified platform with private networking and encrypted connections.
Edge Network & CDN — Vercel
SOC 2 Type II · ISO 27001
Application delivery runs through Vercel, which holds ISO 27001 and SOC 2 Type II certifications, with automatic HTTPS and DDoS protection.
Payment Processing — Stripe
PCI-DSS Level 1 Certified
All payment data is handled by Stripe, a PCI-DSS Level 1 certified processor. Fathom never stores credit card numbers.
Detailed compliance documentation and vendor security assessments are available upon request during the sales process. Infrastructure partner audit reports are available under NDA.
Data Protection Architecture
Security is built into every layer — from network transport to database storage, with zero-trust principles throughout.
Encryption at Rest
AES-256
All stored data is encrypted using AES-256 — the same standard used by government agencies and financial institutions worldwide.
Encryption in Transit
TLS 1.3
Every data transmission is secured with TLS 1.3, the latest version of the Transport Layer Security protocol, preventing interception and tampering.
Tenant Isolation
Row-Level Security
Each manufacturer's data is logically isolated at the database level using row-level security policies. Your data is completely invisible to other tenants.
Access Control
RBAC
Role-Based Access Control with token-based authentication ensures users only see data they're authorized to access. Every API call is authenticated and logged.
What We Process
- Publicly available business data (practice names, addresses, websites)
- AI-generated prospect scores and sales intelligence
- Rep search queries and platform usage data
- Business contact information from public sources
What We Never Store
- Protected Health Information (PHI) — no patient data, ever
- Social Security numbers or government IDs
- Credit card numbers (handled exclusively by our PCI-DSS certified payment processor)
- Personal medical records or treatment data
Your Data Doesn't Just Sit There. It's Actively Guarded.
Most platforms encrypt your data and call it a day. We run automated AI monitoring systems that watch account health and infrastructure integrity around the clock.
Quinn
Client Success Agent
Quinn monitors account health daily — tracking rep adoption, flagging usage anomalies, and generating proactive reports before issues become problems.
- Daily account health monitoring
- Rep usage tracking and adoption alerts
- Automated weekly performance reports
- Proactive support escalation
Pulse
Infrastructure Monitor
Pulse runs hourly health checks across every system, verifies backups daily, and triggers instant alerts the moment anything looks unusual.
- Hourly platform health checks
- Automated daily backup verification
- Real-time anomaly detection
- Instant SMS incident alerts
Questions About Security?
We're happy to walk your IT or compliance team through our security architecture, provide documentation, or answer any questions about how we protect your data.
Security documentation available upon request • Infrastructure partner audit reports available under NDA
