Security at furl

We take security seriously. We have implemented a number of measures to ensure that your data is safe and secure.

Governance

As a founding team with decades of combined experience in security, we are committed to ensuring security and compliance by creating policies and controls, as well as overseeing adherence to these controls. Furl proactively ensures external validation and is currently undergoing a SOC 2 audit, which is expected to be completed in Q2 2024.

We base our policies on the following principles:

• Least privilege: We grant access to only the data and systems that are required to perform a task.
• Defense in depth: We implement multiple layers of security controls to protect our systems.
• Consistency: We apply the same security controls and processes across the entire organization.
• Iterative improvement: We continuously improve our security posture through internal and external reviews.

Data protection

Data storage

All persistent customer data at rest, including S3 buckets, are encrypted. Row-level, customer data segmentation is also employed to ensure customers have confidence in data isolation.

Data transmission

All external data transmission is encrypted in transit according to NIST Cryptographic standards.

Secret management

All secrets are stored in a secure, encrypted vault. Access to this vault is restricted to a small number of authorized employees. Secrets are never stored in plaintext.

Product security

Vulnerability scanning

We use automated tools to scan our applications and infrastructure for vulnerabilities. These tools are run on a regular basis.

LLM use

Our product is designed to avoid dependency on any single LLM service provider. Our results are backed with concrete auditable data to prevent hallucinations. User data is not used to train our models without explicit permission.

Organizational security

Endpoint protection

Centralized management oversees all corporate devices, each equipped with mobile device management software. Endpoint security alerts receive constant monitoring through 24/7/365 coverage. Our implementation of MDM software ensures the enforcement of secure configurations on endpoints, including disk encryption, screen lock configuration, and software updates.

Security training

All employees are required to complete security awareness training on an annual basis. This training covers topics such as phishing, social engineering, and password security.

Vendor security

We conduct security reviews of all third-party vendors that have access to our systems or data. These reviews include a review of the vendor’s security policies and procedures.

Data Privacy

We take data privacy seriously. We have implemented a number of measures to ensure that your data is safe and secure. For more information on our privacy practices, please see our Privacy Policy.

Reporting security concerns

If you believe you have found a security vulnerability in furl or have a question relating to our security policies, please contact us at support@furl.ai.