Security at Figo AI

Your data security is our top priority. We implement industry-leading security measures to protect your information and ensure compliance with global standards.

Bank-Level Encryption

TLS 1.3 in transit, AES-256 at rest

SOC 2 Type II

Certified and audited annually

GDPR Compliant

EU data protection standards

Data Encryption

All data is encrypted using industry-standard protocols to ensure confidentiality and integrity.

Encryption in Transit

  • TLS 1.3 for all API communications
  • Perfect Forward Secrecy (PFS)
  • Strong cipher suites only
  • Certificate pinning for mobile apps

Encryption at Rest

  • AES-256 encryption for all stored data
  • Encrypted database connections
  • Key management via AWS KMS or Azure Key Vault
  • Automatic key rotation

Access Controls & Authentication

Multi-layered access controls ensure only authorized users can access your data.

Authentication

  • Multi-factor authentication (MFA) required
  • SSO support (SAML 2.0, OAuth 2.0)
  • Password complexity requirements
  • Session timeout and management
  • Account lockout after failed attempts

Authorization

  • Role-based access control (RBAC)
  • Granular permissions per data source
  • Audit logs for all access
  • IP allowlisting for Enterprise
  • Just-in-time access provisioning

Infrastructure Security

Our infrastructure is built with multiple layers of security protection.

Infrastructure

  • Multi-region redundancy and failover
  • DDoS protection and rate limiting
  • Network segmentation and firewalls
  • Regular security patches and updates

Data Isolation

  • Logical separation of customer data
  • Dedicated database instances for Enterprise
  • No cross-tenant data access
  • Secure API endpoints with authentication

Compliance & Certifications

We maintain compliance with industry standards and regulations to ensure your data is handled securely.

Certifications

  • SOC 2 Type II

    Annual audits covering security, availability, and confidentiality

  • GDPR

    EU General Data Protection Regulation compliant

Security Monitoring & Incident Response

We continuously monitor our systems and have robust procedures for responding to security incidents.

24/7 Monitoring

  • Real-time threat detection
  • Intrusion detection systems (IDS)
  • Security information and event management (SIEM)
  • Automated alerting and response

Incident Response

  • Dedicated security team
  • Incident response plan (IRP)
  • Customer notification within 72 hours
  • Post-incident analysis and improvements

Vulnerability Management

We take security vulnerabilities seriously and have processes in place to identify and remediate them quickly.

Our Process

  • Regular Security Audits: Quarterly penetration testing by third-party security firms
  • Automated Scanning: Continuous vulnerability scanning of our infrastructure and applications
  • Dependency Management: Regular updates of third-party libraries and dependencies
  • Bug Bounty Program: We welcome responsible disclosure. Report security issues to security@getfigo.app

Data Residency & On-Premise Deployment

Enterprise customers have options for where their data is stored and processed.

Data Residency

  • Choose your cloud region
  • Data stays within selected region
  • Compliance with local data laws

On-Premise Deployment

  • Deploy in your own infrastructure
  • Complete data sovereignty
  • Air-gapped deployment available

Security Best Practices for Users

Help us keep your account secure by following these recommendations.

  • Enable Multi-Factor Authentication: Always use MFA for your account
  • Use Strong Passwords: Create unique, complex passwords and use a password manager
  • Review Access Regularly: Periodically review who has access to your data sources
  • Secure Database Credentials: Use read-only credentials when possible and rotate them regularly
  • Monitor Activity: Review audit logs for unusual activity
  • Keep Software Updated: Ensure your browsers and systems are up to date

Report a Security Issue

Found a security vulnerability? We appreciate responsible disclosure. Please report it to our security team.

For general security questions or to request a security assessment, please contact us at the email above.