Forethought’s Stance on Security

Secure and private by default

We take the responsibility of helping you manage your customer data seriously. That’s why security and privacy are key focus areas for our organization and product development.

Internal Security

Data Encryption
Your data is encrypted at rest and protected by TLS in transit. We manage our production secrets with AWS tools.

Rigorous product design
Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors.

Company training
All employees are required to complete security and privacy training. In addition, engineers must complete specialized security training.

Forethought’s commitment to data privacy

Adhering to local regulations is only one component of our commitment to privacy. Our higher order mission is to treat you and your customers with the respect you deserve.

Data Processing Agreement
Our Data Processing Agreement (DPA) reflects the requirements of the GDPR, and CCPA

Privacy by Design
We take steps to protect your data and comply with the relevant data protection laws. 

Privacy Policy
Our Privacy Policy honors the GDPR, EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Data Protection Officer
Forethought has appointed a Data Protection Officer to oversee our ongoing compliance efforts.

Compliance Standards

Forethought operates in compliance with key information security standards and regulations. Our services are independently audited and certified to meet compliance standards for security, availability and confidentiality. We are compliant with ISO 27001 and certified for SOC 2.

General Security Questions

If you have general security questions or concerns please email us at security [at] forethought.ai.