Security
Updated May 2026
Our approach to security
Foundry Compliance takes the security of your data seriously. We apply security best practices
across our infrastructure, application code, and data handling to protect your information.
Authentication & access control
- All access to the Service requires a verified account login.
- Sessions are managed via HTTP-only cookies with a secure session identifier.
- Each user can only access their own compliance checks and data — cross-account access is not possible.
Data in transit
- All connections to foundrycompliance.co.uk are encrypted using TLS 1.2 or higher.
- HTTPS is enforced; unencrypted HTTP requests are redirected automatically.
Data at rest
- Compliance check data and audit parameters are stored in an encrypted database.
- Uploaded PDF content is processed and then discarded — we do not store PDF content long-term.
- Raw upload metadata and audit records are automatically deleted after 30 days.
Infrastructure
- The Service is hosted on Render, running on AWS infrastructure with SOC 2 compliance.
- Database backups are taken regularly and stored securely.
- We apply security updates promptly when vulnerabilities are identified in our dependencies.
AI processing
Extracted text from your uploaded design packs is sent to Anthropic's API for compliance analysis.
Anthropic's data handling is governed by their Privacy Policy.
We do not use your data to train AI models.
Reporting a vulnerability
If you believe you have found a security vulnerability in our Service, please report it
responsibly to us before public disclosure. We will acknowledge your report within 2 business days
and work to resolve confirmed issues promptly.
Report security issues to:
support@foundrycompliance.co.uk