Compliance Made Easy

We don't mess around when it comes to paperwork (but don’t worry, we use digital signatures).

Get Started

SOC2 Type2 Report

Fly.io is independently audited, certified, and our hardware runs in ISO 27001 datacenters. Get a copy of our report and rest easy.

Business Associate Agreement

When you’re ready to start deploying HIPAA apps, you’ll need a BAA. Ours is pre-signed by Fly.io and will become active when you sign it. We also offer a BAA for Tigris Data directly. Learn more about BAAs here.

Data Processing Agreement

Users who need to comply with the EU's General Data Privacy Regulation (GDPR) will need a Data Processing Agreement. Ours is pre-signed by Fly.io and will become active when you sign it. Learn more about DPAs here.

Security Questionnaires

Get your security questions (or your clients') answered without a lot of legwork or research. We'll give you the answers so you can get back to shipping features.

Compliance Assistance

Need to ask something more in-depth? Get access to a compliance email address, so we can walk you through whatever you need to know.

Trusted by teams at

  • Wireguard/VPN

    Everything on our platform is connected via a WireGuard mesh: a next-generation in-kernel VPN designed by vulnerability researchers for simplicity, auditability, and modern cryptography.

    Learn More

  • Default-Deny Public Networking

    With routable IPv6 addresses and shared IPv4 addresses, nothing on your app is exposed unless you ask us to expose it. You’re locked down by default.

    Learn More

  • Hardened Hosting

    Apps on Fly.io run inside Firecracker, a memory-safe KVM hypervisor. We turn container images from our users into VMs, for full, no-shared-kernel isolation between applications.

    Learn More

  • SSO and MFA for Free

    Support for single-sign on and standard multifactor authentication apps come standard with Fly.io.

    Learn More