Security
This guide provides a high-level overview of Fauna’s security features and capabilities.
Compliance
Fauna prioritizes security and compliance. Fauna is compliant with GDPR and SOC2 Type II. Fauna can be configured to meet HIPAA requirements.
Data encryption
All Fauna connections use HTTPS. Connections must use Transport Layer Security (TLS) version 1.2 or later. This ensures point-to-point encryption between Fauna and your client application. Data uploaded to Fauna is encrypted at rest.
Authentication
Fauna uses stateless, token-based authentication. Every query is an independently secured request to the Query HTTP API endpoint.
Fauna supports several methods for creating authentication tokens, including integration with external identity providers (IdPs).
See Authentication.
Authorization
Fauna supports both role-based access control (RBAC) and attribute-based access control (ABAC). In Fauna, you can use ABAC to dynamically change access at query time based on multiple attributes.
For more control, you can choose to allow data access only through server-side user-defined functions (UDFs). UDFs give you granular control over the way data is accessed and returned.
See Authorization.
Multi-tenancy
A Fauna database can have many child databases. Child databases can have their own child databases.
Each database is logically isolated from its peers, with separate access controls. Queries run in the context of a single database and can’t access data outside the database. This simplifies the process of building multi-tenant applications with strong isolation guarantees.
You can copy and deploy roles across databases using .fsl files and a CI/CD pipeline. See Manage schema with a CI/CD pipeline.
Private endpoints
Fauna offers private endpoints that connect directly to your virtual private cloud (VPC). This lets you use Fauna without exposing your traffic to the Internet or other public networks.
See Private endpoints.
Virtual Private Fauna
Virtual Private Fauna lets you use Fauna in a single-tenant environment with no infrastructure management.
You can fully customize Virtual Private Fauna to meet your specific security and compliance needs. Virtual Private Fauna is available across a single region, multiple regions, or multiple clouds of your choice.