Your Data is Always Secure

  • Data minimization - we do not collect data unless it is required to provide you service. Additionally, we know about every piece of data that we collect and where it is at all times.
  • Strong Encryption - All of your data is encrypted in transit and at rest.
  • Restricted Access Policies - even employees of Foqal do not have access to your data unless absolutely necessary to do their job.
  • Continuous Testing - we monitor and run continuous tests against our systems to ensure that your data is always safe!
  • Compliant - Foqal is SOC2, GDPR, and CCPA compliant and ready. But we don't stop at compliance, we build real security practices that go well beyond a simple audit.
  • Strong Secure Foundation - From the beginning, we knew Foqal has to be built on a secure foundation. Security and Privacy was engineered into the product from the first line of code.
  • Availability - We monitor our systems like hawks and employ constant backups, logging, and status checks. See our status here.
  • Incident Management - In the case of a security breach, we will notify you, in writing, of any unauthorized access to your data within 48 hours of discovery.


SOC 2 Compliant

We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security, availability, and confidentiality of your data.

GDPR Ready

We are fully GDRP complaint. Our policies and practices allow all EU, UK, and Swiss residents access to their data. For more information, see our DPA here.

CCPA Ready

Are you a resident of California? Want to know your rights? See our Information of California Residents.

Pillars of Security

  • Confidentiality
    We know how important is the data you share with us. For this reason, we use technical controls and policies to limit access to your data from outside attackers and even our employees.
    • Encryption in Transit & Rest
    • Access Controled
  • People
    Having great people isn't enough. We ensure our people are trained on all of our policies and modern day security practices.
    • Multi-factor Authentication
    • Vulnerability Management
    • Change Management
    • Secure SDLC
  • Ethics
    Our people are not just thinking about security & trust, we ensure all of our employees understand our moral and ethnical ethos as well.
    • Anti-Bribery & Corruption
    • Anti-Modern Slavery
    • Equal Employment Opportunity
    • Whistleblower Protection
  • Procedures
    If things really start heading south, its important to have documented and tested procedures to help us recover.
    • Vendor Management
    • Business Continuity
    • Risk Management
    • Documented Subprocessors
  • Integrity
    We understand that it’s not enough to keep attackers from reading your data. We want to make sure that no one can change or delete your data as well. Only the necessary employees have access to the data, and are unable to add code to the Foqal product without proper validation and automated testing
  • Availability
    Foqal is designed and configured at all layers of the stack to ensure we are always secure and have a high uptime.
    • Continuous Backups
    • Logging
    • Incident Management
    • Multi-Region AWS
    • Horizontally Scalable

Have some questions?

We are always happy to help. Please fill out the form below and let us know what we can help you with. Want to get access to any security resources? Let us know.