Our security posture, in the open.
Certifications, sub-processors, and exactly what data FORG touches. Everything an InfoSec review needs, before you even ask.
What a review needs
SOC 2 Type I
Working toward SOC 2 Type I; Type II to follow. Controls are being formalized — no audit is complete and no report exists yet.
HIPAA BAA
On the Enterprise roadmap. We'll offer a signed BAA once we can actually sign one — not before.
GDPR ready
Right-to-erasure requests honored within a 30-day SLA. Metadata-only architecture keeps scope small.
Audit ledger
Hash-chained, tamper-evident, exportable evidence for any time window. Every block captured on-device.
Signed agent
Every binary is Ed25519-signed with published SHA-256 sums. The updater is fail-closed: no valid signature, no update.
Data controls
Export or delete all your metadata anytime, straight from your account settings. No ticket, no waiting.