Foreman handles contact details, conversation history, and revenue data for small businesses. Here's how we keep it safe.
Encrypted everywhere, hosted on AWS, no model training on customer data — and you can delete everything in one click.
TLS 1.3 in transit. AES-256 at rest. Per-tenant encryption keys for sensitive fields.
Hosted on AWS in US-East. Network isolation, private subnets, least-privilege IAM.
Google SSO supported. Role-based access for team accounts. Session expiry, audit logs.
Export your full data anytime, in CSV or JSON. Delete on request — full purge within 30 days.
Continuous backup. Point-in-time restore. Disaster recovery (DR) tested every quarter.
We don't train AI models on your data. We don't sell or share it. You stay the data controller.
If you've found something, write to security@foreman.work. Reasonable bug bounties paid for valid reports. We respond within one business day.
We use AWS (hosting), Anthropic (LLM), Twilio (SMS), Google (OAuth & email), and Stripe (billing). Full list and DPAs available on request.
SOC 2 Type II audit in progress, expected Q3 2026. CCPA & GDPR-ready data deletion endpoints. HIPAA is out of scope — Foreman is not designed for protected health information.