Fragment
Fragment, a Paris-based B2B operations company, focuses on secure data handling and privacy through robust API and Chrome extension solutions, adhering to stringent security standards and regulations.
Company Overview
Fragment is a B2B operations company based in Paris, Île-de-France, France. With a team of 2, Fragment operates in France and Europe. It was part of the Y Combinator Summer 2023 (S23) batch. The company’s primary industry is B2B, focusing on operational efficiencies and solutions for businesses.
Fragment's Security Measures
Fragment prioritizes data security with robust measures in place. Data transmission between Fragment’s servers and customers is encrypted using HTTPS. For authentication, the company leverages AWS Cognito, providing a secure and scalable user management solution. Additional layers of security include JWTs for Chrome extension authentication and an API Gateway protected by API keys. Fragment also issues customer-specific API keys for developer access.
Fragment Chrome Extension
The Fragment Chrome extension enhances user experience without compromising privacy. The extension’s codebase, particularly the content.js file, is available for review and does not perform unauthorized actions. Adhering to the Manifest V3 standard, the extension requires permissions such as 'activeTab', 'tabs', 'storage', 'scripting', and 'identity'. Authentication with the backend is managed using JWTs to ensure secure operations.
Data Privacy and Compliance
Fragment is dedicated to data privacy, strictly following GDPR, CCPA, and PDPA regulations. The company processes minimal necessary data, such as URLs and metadata for task dispatch. They emphasize transparent data processing and uphold data ownership and privacy. Fragment promptly erases requested data and does not collect or sell personal information. Guillaume Genthial, the CTO, serves as the Data Protection Officer (DPO).
Authentication and Access Management
Fragment supports multiple authentication methods, including AWS Cognito with password-based authentication and federated sign-in options, such as Google authentication. Access and ID tokens expire after 36000 seconds, while refresh tokens expire after 30 days. Tokens can be administratively revoked through Fragment’s dashboard. New account signups are facilitated exclusively by the Fragment team.