Enterprise-grade security. Built in - not bolted on.
Foqal is built with security at its core. We employ industry-leading practices and maintain rigorous compliance standards to protect your organization's data.
Compliance & Certifications
We maintain industry-leading compliance certifications
SOC 2 Type II
Independently audited for security, availability, and confidentiality
GDPR Compliant
Full compliance with European data protection regulations
HIPAA Aligned
Healthcare data handling capabilities with BAA support
CCPA Aligned
California Consumer Privacy Act compliance for data rights
How We Protect Your Data
Multi-layered security measures to keep your information safe
Data Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your data is protected with enterprise-grade encryption standards.
Access Controls
Role-based access control (RBAC) with support for SSO via SAML 2.0 and OAuth. Fine-grained permissions at every level.
Infrastructure Security
Hosted on SOC 2 compliant cloud infrastructure with multi-region redundancy, automated backups, and 99.99% uptime SLA.
Privacy by Design
Data minimization principles, configurable retention policies, and the ability to completely delete all data upon request.
Audit Logging
Comprehensive audit trails for all actions. Export logs to your SIEM for compliance and security monitoring.
Incident Response
24/7 security monitoring with defined incident response procedures. You'll be notified of any security events immediately.
Data Handling & Privacy
We believe you should have complete control over your data. Foqal is designed with privacy-first principles to ensure your organization's information is handled responsibly.
Data Ownership
You retain full ownership of all your data. We never sell or share your information.
Data Minimization
We do not collect data unless it is required to provide you service. We know about every piece of data we collect and where it is at all times.
Data Retention
Configure retention policies to match your compliance requirements. Delete data anytime.
AI & Data Processing
Our AI models are designed with your privacy in mind:
- Your data is never used to train our AI models
- AI processing happens in isolated, secure environments
- Optional on-premise AI deployment available
- Full transparency on how AI uses your knowledge base
- Disable AI features entirely if preferred
- Bring your own AI provider and API key (OpenAI, Claude, etc.) so data never leaves your environment
Request Security Documentation
Select the documents you need for your security review. After submitting, you'll receive an NDA to sign. Once signed, the requested resources will be sent to your email.
Our Security Practices
- Regular third-party penetration testing
- Bug bounty program for responsible disclosure
- Background checks for all employees
- Security awareness training
- Secure software development lifecycle (SSDLC)
- Vendor security assessments
- Business continuity and disaster recovery plans
- Data Processing Agreements (DPA) available
Trust & Transparency
Security is not just a feature - it's foundational to how we build and operate Foqal. We're committed to transparency about our security practices and welcome security reviews from our customers.
Vulnerability Disclosure Program
We value the security research community and welcome reports of potential vulnerabilities. If you believe you've found a security issue, we want to hear from you.
Initial response time
Resolution target
We pledge not to take legal action against good-faith security researchers.
Questions about security?
Our security team is happy to discuss our practices, provide documentation, or schedule a security review call.