Our Security

We Practice What We Preach

Foefox Labs is SOC 2 Type II certified. Your data is protected by the same standards we help you achieve.

Trust Center

Transparency into our security posture

ISO 27001

Certified since 2023

Active

GDPR Compliant

Full compliance

Compliant

Security Practices

How we protect your data

Data Encryption

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Client-side encryption available
  • Hardware security modules (HSM) for key management

Access Control

  • SSO with SAML/OIDC support
  • Role-based access control (RBAC)
  • Mandatory MFA for all staff
  • Quarterly access reviews

Monitoring

  • 24/7 SOC monitoring
  • Real-time threat detection
  • Comprehensive audit logging
  • Anomaly detection with ML

Secure Development

  • Secure SDLC practices
  • Automated SAST/DAST scanning
  • Annual penetration tests
  • Bug bounty program

Infrastructure

  • AWS GovCloud available
  • Multi-region redundancy
  • 99.9% SLA uptime
  • Automated backups

Incident Response

  • 24-hour incident response
  • Documented IR playbooks
  • Regular tabletop exercises
  • Breach notification within 72h

Vendor Management

We vet our vendors as rigorously as you vet us

Every vendor with access to client data undergoes security assessment:

  • SOC 2 report review
  • Security questionnaire
  • Contract security terms
  • Annual reassessment

All Critical Vendors: SOC 2 Certified

Sub-processors

Third parties that may process client data

Vendor | Purpose | Location | Compliance
Google Cloud Platform | Cloud Infrastructure | US | SOC 2, ISO 27001
Zoho Workplace | Email & Collaboration | India | SOC 2, ISO 27001
Cloudflare | Security | US | SOC 2, ISO 27001
Stripe | Payment Processing | US | PCI-DSS, SOC 2

The full sub-processor list is available upon request. Customers are notified 30 days before new sub-processors are added.

Report a Vulnerability

Found a security issue? We run a responsible disclosure program.

security[at]foefox[dot]com

Request Documents

Need our SOC 2 report, penetration test summary, or questionnaire?