Secure and private by default

We take the responsibility of helping you manage your customer data seriously. That’s why security and privacy are key focus areas for our organization and product development.

Forethought’s commitment to data privacy

Adhering to local regulations is only one component of our commitment to privacy. Our higher order mission is to treat you and your customers with the respect you deserve.

1

Data Processing Agreement
Our Data Processing Agreement (DPA) reflects the requirements of the GDPR, and CCPA

2

Privacy by Design
We take steps to protect your data and comply with the relevant data protection laws. 

3

Privacy Policy
Our Privacy Policy honors the GDPR and CCPA

4

Data Protection Officer
Forethought has appointed a Data Protection Officer to oversee our ongoing compliance efforts.

Internal Security

Data Encryption

Your data is encrypted at rest and protected by TLS in transit. We manage our production secrets with AWS tools.

Rigorous Product Design

Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors.

Company Training

All employees are required to complete security and privacy training. In addition, engineers must complete specialized security training.

Vulnerability Disclosure and Reward Program

Forethought maintains a private, invite-only bug bounty program, with the assistance of  HackerOne. Invited researchers are eligible for a payment. While those  who were not invited to the program may still submit a security bug or  vulnerability to Forethought via HackerOne, such reports may not be  eligible for a payment. To learn more about obtaining an invitation to  the private bug bounty program, please see HackerOne’s website on invitations.

By submitting a security bug or vulnerability to Forethought via HackerOne, you acknowledge that you have read and agreed to the Program Terms and Conditions set at in the program. By providing a submission,  you agree that you may not publicly disclose your findings or the contents of your submission to any third parties without Forethought’s prior written approval.

Compliance Standards

Forethought operates in compliance with key information security standards and regulations. Our services are independently audited and certified to meet compliance standards for security, availability and confidentiality. We are compliant with ISO 27001 and certified for SOC 2.

General Security Questions

If you have general security questions or concerns please email us at security [at] forethought.ai.

Email us