Add Security page for enterprise security teams #2068
Conversation
- Created new Security section in docs navigation - Added comprehensive security overview page covering: - Data storage and privacy (cookie-based, no server persistence) - Authentication and API key injection security model - Open-source transparency for security audits - Self-hosted deployment options - Security best practices This page addresses common security concerns from enterprise teams evaluating Fern's authentication and API key injection features. Co-Authored-By: Catherine Deskur <catherine@buildwithfern.com>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
|
||
| ## Data storage and privacy | ||
|
|
||
| Fern does not persist or store user-sensitive information on our servers. When authentication features like [API key injection](/learn/docs/api-references/autopopulate-api-key) or [RBAC](/learn/docs/authentication/rbac) are enabled, user credentials and tokens are handled exclusively through browser cookies. |
There was a problem hiding this comment.
🚫 [vale] reported by reviewdog 🐶
[Microsoft.Contractions] Use 'doesn't' instead of 'does not'.
|
|
||
| ## Data storage and privacy | ||
|
|
||
| Fern does not persist or store user-sensitive information on our servers. When authentication features like [API key injection](/learn/docs/api-references/autopopulate-api-key) or [RBAC](/learn/docs/authentication/rbac) are enabled, user credentials and tokens are handled exclusively through browser cookies. |
There was a problem hiding this comment.
📝 [vale] reported by reviewdog 🐶
[FernStyles.We] Try to avoid using first-person plural like 'our'.
|
|
||
| ## Security best practices | ||
|
|
||
| When implementing Fern's authentication features, we recommend: |
There was a problem hiding this comment.
📝 [vale] reported by reviewdog 🐶
[FernStyles.We] Try to avoid using first-person plural like 'we'.
|
|
||
| ## Questions or concerns | ||
|
|
||
| If your security team has additional questions or concerns about Fern's security model, please contact us at [support@buildwithfern.com](mailto:support@buildwithfern.com). We're happy to provide additional documentation, participate in security reviews, or discuss your specific requirements. |
There was a problem hiding this comment.
[FernStyles.Please] Avoid using 'please' in technical documentation.
|
|
||
| ## Questions or concerns | ||
|
|
||
| If your security team has additional questions or concerns about Fern's security model, please contact us at [support@buildwithfern.com](mailto:support@buildwithfern.com). We're happy to provide additional documentation, participate in security reviews, or discuss your specific requirements. |
There was a problem hiding this comment.
📝 [vale] reported by reviewdog 🐶
[FernStyles.We] Try to avoid using first-person plural like 'We'.
- Fix MDX parse error in cli-changelog/2025-11-14.mdx by escaping curly braces
- Rename 'Security best practices' to 'Implementation recommendations'
- Add changelog entry for new Security page (2025-11-17.mdx)
The parse error was blocking all builds and was unrelated to the Security
page changes. The curly braces in {API name} needed to be escaped for MDX.
Co-Authored-By: Catherine Deskur <catherine@buildwithfern.com>
| @@ -0,0 +1,13 @@ | |||
| ## New Security page | |||
There was a problem hiding this comment.
📝 [vale] reported by reviewdog 🐶
[FernStyles.Headings] 'New Security page' should use sentence-style capitalization.
| @@ -0,0 +1,13 @@ | |||
| ## New Security page | |||
|
|
|||
| We've added a comprehensive Security page to help enterprise security teams understand how Fern handles user credentials, authentication, and data storage. | |||
There was a problem hiding this comment.
📝 [vale] reported by reviewdog 🐶
[FernStyles.We] Try to avoid using first-person plural like 'We'.
devin-ai-integration
bot
changed the title
Add Security page for enterprise security teams
Summary
Added a new Security section to the documentation with a comprehensive overview page addressing common security concerns from enterprise security teams evaluating Fern's authentication features. The page covers data storage/privacy (cookie-based, no server persistence), authentication flows (JWT/OAuth), open-source auditability, self-hosted options, and implementation recommendations.
Also fixed an unrelated MDX parse error in
cli-changelog/2025-11-14.mdxthat was blocking all builds (pre-existing issue from recent changelog update).Review & Testing Checklist for Human
/learn/docs/api-references/autopopulate-api-key/learn/docs/authentication/rbac/learn/docs/enterprise/self-hostedfern-api/fern-platformNotes
cli-changelog/2025-11-14.mdxwas unrelated to this PR but was blocking all builds, so I included the trivial fix (escaping curly braces)View original video (recording-485ca08d-fad1-4804-a2b0-0274318827cc-edited.mp4)
Link to Devin run: https://app.devin.ai/sessions/b9345db7d83b49099a87879b8a50b9f2
Requested by: Catherine Deskur (catherine@buildwithfern.com)