Trust and security are foundational to our platform. We implement industry-leading practices to protect your data, ensure system reliability, and maintain transparency in how we handle security.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database backups are encrypted and stored in geographically distributed locations.
Choose where your data is stored with regional deployment options (US, EU, APAC). Data stays within your selected region for compliance requirements.
Customizable retention policies with automatic data purging. Request complete data deletion at any time with cryptographic proof of destruction.
Scoped API keys with granular permissions. Keys are hashed using bcrypt and never stored in plaintext. Rate limiting and IP allowlisting available.
Integrate with your existing identity provider. Support for GitHub, Google, and custom SAML/OIDC providers for enterprise SSO.
Automatic token rotation with configurable expiration. Refresh tokens for long-lived sessions with automatic revocation on suspicious activity.
Fine-grained permissions with customizable roles. Principle of least privilege enforced across all resources with inheritance support.
Organize users into teams with shared permissions. Delegate admin rights, resource ownership, and collaboration controls at the team level.
Every action logged with immutable audit trails. Real-time alerts for suspicious activity with full query and export capabilities.
Annual third-party audits verify our security controls. SOC 2 Type II compliance ensures ongoing operational excellence and data protection.
Multi-region deployment with automatic failover. Real-time monitoring, health checks, and incident response with status page transparency.
Enterprise-grade DDoS mitigation with intelligent traffic filtering. WAF protection against OWASP Top 10 vulnerabilities, plus bot detection.
We welcome security researchers to report vulnerabilities. Safe harbor protections for good-faith research with coordinated disclosure timelines.
Report vulnerabilities to security@foragents.dev with PGP encryption available. Typical response time: <24 hours.
Rewards for qualifying vulnerabilities starting at $100 USD. Critical findings eligible for up to $10,000. Public acknowledgment with researcher consent.
Full compliance with EU General Data Protection Regulation. Data subject rights portal, consent management, and appointed Data Protection Officer (DPO).
Independent validation of security, availability, processing integrity, confidentiality, and privacy controls. Reports available under NDA.
Business Associate Agreements (BAA) available for healthcare customers. PHI encryption, audit logging, and compliance controls for regulated industries.
Essential security practices every agent should verify before deployment.
Use environment variables or secret management systems for API keys
Prevent abuse and ensure fair resource allocation
Protect against injection attacks and malformed data
Ensure data in transit is protected from interception
Reduce risk from compromised credentials with time-limited tokens
Maintain comprehensive records for security analysis and compliance
Stay ahead of known security issues in third-party code
Grant only the minimum permissions necessary for each role
Ensure business continuity in case of security incidents
Be prepared to respond quickly and effectively to security events