Security at furl

We take security seriously. We have implemented a number of measures to ensure that your data is safe and secure.

Governance

As a founding team with decades of combined experience in security, we are committed to ensuring security and compliance by creating policies and controls, as well as overseeing adherence to these controls.

SOC 2 Compliance

As of April, 2024 furl is SOC 2 Type II compliant. This achievement indicates that our handling and processing of customers’ data meets key security standards. The protection of customer data is the highest priority for our team and we’re committed to building a robust security & compliance program. To request access to the furl Trust Center and SOC 2 Type II report, please submit a request at our Trust Center or email support@furl.ai.

We base our policies on the following principles:

Data protection

Data storage

All persistent customer data at rest, including S3 buckets, are encrypted. Row-level, customer data segmentation is also employed to ensure customers have confidence in data isolation.

Data transmission

All external data transmission is encrypted in transit according to NIST Cryptographic standards.

Secret management

All secrets are stored in a secure, encrypted vault. Access to this vault is restricted to a small number of authorized employees. Secrets are never stored in plaintext.

Product security

Vulnerability scanning

We use automated tools to scan our applications and infrastructure for vulnerabilities. These tools are run on a regular basis.

LLM use

Our product is designed to avoid dependency on any single LLM service provider. Our results are backed with concrete auditable data to prevent hallucinations. User data is not used to train our models without explicit permission.

Organizational security

Endpoint protection

Centralized management oversees all corporate devices, each equipped with mobile device management software. Endpoint security alerts receive constant monitoring through 24/7/365 coverage. Our implementation of MDM software ensures the enforcement of secure configurations on endpoints, including disk encryption, screen lock configuration, and software updates.

Security training

All employees are required to complete security awareness training on an annual basis. This training covers topics such as phishing, social engineering, and password security.

Vendor security

We conduct security reviews of all third-party vendors that have access to our systems or data. These reviews include a review of the vendor’s security policies and procedures.

Data Privacy

We take data privacy seriously. We have implemented a number of measures to ensure that your data is safe and secure. For more information on our privacy practices, please see our Privacy Policy.

Reporting security concerns

If you believe you have found a security vulnerability in furl or have a question relating to our security policies, please contact us at support@furl.ai.