Trust & Security

Security built in, not bolted on

FoxtInn is engineered by a team with deep Microsoft security and enterprise identity experience. Your data is protected with encryption, strict access controls, continuous monitoring, and compliance-aligned practices from day one.

Trust pillars

Six pillars of the FoxtInn trust model

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest. Keys managed with AWS KMS and rotated automatically.

Identity & access

Role-based access control, least-privilege by default, multi-factor authentication for every admin user, and SSO on enterprise plans.

Continuous monitoring

Audit logging, anomaly detection, and 24/7 infrastructure monitoring for every tenant.

Zero Trust architecture

Every request is authenticated, authorized, and encrypted. No implicit trust inside the perimeter.

Backup & recovery

Automated daily backups, point-in-time recovery, and tested disaster recovery procedures.

Compliance-aligned

Built to align with SOC 2, GDPR, CCPA, and PCI DSS best practices. SOC 2 Type I in progress.

Detailed controls

What we do to protect your data

Infrastructure

FoxtInn runs on AWS in U.S. regions with multi-AZ redundancy. All production infrastructure is provisioned as code, reviewed, and versioned. Network segmentation isolates customer workloads from administrative planes.

Secure development

Mandatory code review, automated static analysis, dependency scanning, and secret detection in CI. Production changes require peer approval and are recorded in audit logs.

Logging & auditing

All access to production systems and customer data is logged and retained. Admin actions generate an immutable audit trail available to Enterprise customers.

Vulnerability management

Automated scans of infrastructure and dependencies, regular third-party penetration testing, and a responsible disclosure program at security@foxtcon.com.

Incident response

Documented incident response plan with defined severity levels, 24/7 on-call rotation, and customer notification within 72 hours for confirmed personal data incidents.

Personnel security

Background checks, security training at onboarding and annually, documented access provisioning and deprovisioning, and enforced MFA for all employees.

Compliance roadmap

Where we are on certifications

SOC 2 Type I

In progress. Targeting completion Q3 2026.

SOC 2 Type II

Planned. Targeting completion Q1 2027.

GDPR

Aligned. DPA available on request.

CCPA / CPRA

Aligned. DSAR process in place.

PCI DSS

Out of scope. Payments handled by a PCI Level 1 processor; FoxtInn does not store card data.

HIPAA

On request. BAA available for qualified clinical customers.

Need a security review or DPA?

Our team can walk you through controls, share documentation, and sign a data processing agreement tailored to your business.