Trust & Security

We understand the importance of trust and security not only to you, but to your customers, clients, and employees. Foqal was designed from the ground up with security and privacy in mind. From the first release, we have been building security features and baking security best practices directly into the architecture of the product.

Your Data is Always Secure

  • Data minimization - we do not collect data unless it is required to provide you service. Additionally, we know about every piece of data that we collect and where it is at all times.
  • Strong Encryption - All of your data is encrypted in transit and at rest.
  • Restricted Access Policies - even employees of Foqal do not have access to your data unless absolutely necessary to do their job.
  • Continuous Testing - we monitor and run continuous tests against our systems to ensure that your data is always safe!
  • Compliant - Foqal is SOC2, GDPR, and CCPA compliant and ready. But we don't stop at compliance, we build real security practices that go well beyond a simple audit.
  • Strong Secure Foundation - From the beginning, we knew Foqal has to be built on a secure foundation. Security and Privacy was engineered into the product from the first line of code.
  • Availability - We monitor our systems like hawks and employ constant backups, logging, and status checks. See our status here.
  • Incident Management - In the case of a security breach, we will notify you, in writing, of any unauthorized access to your data within 48 hours of discovery.

Compliance

SOC 2 Compliant

We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security, availability, and confidentiality of your data.

GDPR Ready

We are fully GDRP complaint. Our policies and practices allow all EU, UK, and Swiss residents access to their data. For more information, see our DPA here.

CCPA Ready

Are you a resident of California? Want to know your rights? See our Information of California Residents.

Resource Center

We maintain and strongly enforce our Terms of Service and Privacy Policy. We also maintain policies and procedures help our employees understand security, your privacy, and help us maintain your trust. Below is a set of resources. Select the ones you want to receive and we will send them over with an mNDA to sign.

1
Select the policies you want us to send to you.

Reports & Whitepapers

Policies

2
Enter your information and we will send you an mNDA. Once the NDA is signed, the policies will be sent to you.
Thanks, you will receive an NDA shortly. Once you accept the NDA, your resources will be sent to you.
Oops! Something went wrong while submitting the form.

Pillars of Security

  • Confidentiality
    We know how important is the data you share with us. For this reason, we use technical controls and policies to limit access to your data from outside attackers and even our employees.
    • Encryption in Transit & Rest
    • Access Controled
  • People
    Having great people isn't enough. We ensure our people are trained on all of our policies and modern day security practices.
    • Multi-factor Authentication
    • Vulnerability Management
    • Change Management
    • Secure SDLC
  • Ethics
    Our people are not just thinking about security & trust, we ensure all of our employees understand our moral and ethnical ethos as well.
    • Anti-Bribery & Corruption
    • Anti-Modern Slavery
    • Equal Employment Opportunity
    • Whistleblower Protection
  • Procedures
    If things really start heading south, its important to have documented and tested procedures to help us recover.
    • Vendor Management
    • Business Continuity
    • Risk Management
    • Documented Subprocessors
  • Integrity
    We understand that it’s not enough to keep attackers from reading your data. We want to make sure that no one can change or delete your data as well. Only the necessary employees have access to the data, and are unable to add code to the Foqal product without proper validation and automated testing
  • Availability
    Foqal is designed and configured at all layers of the stack to ensure we are always secure and have a high uptime.
    • Continuous Backups
    • Logging
    • Incident Management
    • Multi-Region AWS
    • Horizontally Scalable

Have some questions?

We are always happy to help. Please fill out the form below and let us know what we can help you with. Want to get access to any security resources? Let us know.

Find a Security Vulnerability in Foqal?

Are you a Security Researcher? Find a vulnerability in Foqal? Explore our dedicated Vulnerability Disclosure Program—our pledge to collaborate with ethical hackers and security researchers to ensure the highest level of protection for our platform and users.

Vulnerability Disclosure Program