Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

Faros AI commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several frameworks, regulations, and certifications that apply to our company and its products.

Please contact security@faros.ai to report bugs and vulnerabilities or if you have any other specific questions or requests.

When reporting a bug or vulnerability, please provide a screen recording or another reproducible way of exploiting it. If a vulnerability proved in effect, we would compensate based on the fair market value for similar publicly disclosed vulnerabilities, e.g., on HackerOne.

Compliance

CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
SOC 2 Logo
SOC 2

Trusted by

Autodesk-company-logoAutodesk
Benchling-company-logoBenchling
Box-company-logoBox
Coursera-company-logoCoursera
Discord-company-logoDiscord
Globant-company-logoGlobant
Riskified-company-logoRiskified
Salesforce-company-logoSalesforce
SmartBear-company-logoSmartBear
Thryv-company-logoThryv
Vertex Inc.-company-logoVertex Inc.
Vimeo-company-logoVimeo

Documents

Featured Documents

REPORTSSOC 2 Report

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective24 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Network Diagram
Other Reports
Pentest Report
View more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Responsible Disclosure
Application Penetration Testing
Bot Detection
View more

AI

AI Security
AI Training Data and Bias
Responsible AI Statement

Legal

SubprocessorsAmazon Web Services (AWS)-company-logoCloudflare-company-logoFrontegg-company-logoSentry-company-logoSegment-company-logo
Customer Audit Rights
Cyber Insurance
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

DNSSEC
Firewall
IDS/IPS
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
View more

Security Grades

SecurityScorecard
Web Application
Security Scorecard A grade
API
Security Scorecard A grade
CIS Score
Web Application
API
CryptCheck
Web Application
A+
View more
Knowledge Base (FAQ)
    Faros Connectors IP addresses
    Faros API IP addresses
View more
Trust Center Updates

SOC 2 Type II and GDPR audit completion

Compliance
Copy link

Faros AI management would like to announce that Faros AI has completed our SOC2 Type II audit for the one-year period ending in July 2024. The auditors at Prescient Assurance performed the audit and found no exceptions during their review of our controls. The report includes an attestation of Faros AI's GDPR controls. A copy of this report is available via our security portal. The previous year's report was removed.

Published at N/A*

Faros AI management would like to announce that Faros AI has completed our SOC2 Type II audit for the one-year period ending in July 2023. The auditors at Prescient Assurance performed the audit and found no exceptions during their review of our controls. The report includes an attestation of Faros AI's GDPR controls. A copy of this report is available via our security portal.

Published at N/A*

API Key Expiration

General
Copy link

The Faros AI team added support for API Key Expiration. This feature enhances security by allowing customers to set a specific lifespan for API keys. Once the expiration date is reached, the key becomes invalid, reducing the risk of unauthorized access if the key is compromised. This feature helps ensure that API keys are only active for as long as necessary, encouraging regular key rotation and minimizing potential security vulnerabilities in applications.

Published at N/A

Pentest report (July 2024)

Compliance
Copy link

The Faros Infosec team has partnered with Blaze Inforsec to perform the annual pentest for Faros App & API. There were no critical or high findings. The report is available here.

Published at N/A

An Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH (CVE-2024-6387)

Vulnerabilities
Copy link

The Faros Infosec team has evaluated our exposure to an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH, specifically the sshd process. The vulnerability (CVE-2024-6387) was disclosed on Monday, July 1, 2024.

We determined that the vulnerability affected none of our services, compute instances, or published containers.

Published at N/A

ISO 27001 Surveillance Audit Completion

Compliance
Copy link

Faros AI is pleased to announce the completion of the ISO 27001 annual surveillance audit. Maintaining ISO 27001 demonstrates our continued commitment to meeting international information security standards. The audit summary and updated certificate are available here.

Published at N/A

If you need help using this Trust Center, please contact us.

Contact Support

If you think you may have discovered a vulnerability, please send us a note.

Report Issue