How we secure your account
Encryption
Our website uses industry-standard encryption to ensure protected transmission of data (HTTPS): AES-256 bit or better for RDS and S3 data encryption for data at rest and TLS 1.2 or better for transit.
Idle lockouts
foundo forces automatic signouts after inactivity to prevent unsanctioned access or use of the user’s account.
Security policy
foundo enforces a strict content security policy and iFrame protection to mitigate the threat of attacks such as ClickJacking
How we secure your data
Secure ID and password
foundo enforces strong password requirements and supports mobile biometric authentication (Face ID/Touch ID).
Activity confirmation
foundo leverages both automated and manual review mechanisms to confirm account changes such as password resets.
Identity verification
foundo customers are able to set up two-factor authentication so that even knowing a user's password is not enough to compromise their account.
Device verification
We require a one-time authorization for each browser on every device you use to sign in to foundo, which ensures only your approved devices and IP addresses can access your foundo account.
Single Sign-On (SSO) integration
foundo' SSO feature enables a secure — yet seamless — login experience through identity providers like Okta.
How we prevent fraud