Security

FoxtINN is built for operators in regulated industries: hospitality, healthcare, retail. Security is owned end-to-end by our security team, audited annually, and embedded in every product surface.

SOC 2 Type II

Annual SOC 2 Type II audit covering Security, Availability and Confidentiality. Report available under NDA. Auditor: Schellman & Co.

Encryption

TLS 1.3 in transit. AES-256 at rest across RDS, S3, and Redis. Customer-managed keys (CMK) available on Portfolio.

Network isolation

Production runs on AWS in us-east-2. Database in private subnets, no public IP. Backend in ECS Fargate with VPC-only egress.

Identity & access

SSO via SAML 2.0 / OIDC. SCIM 2.0 provisioning. Role-based access control with optional approval flows on sensitive actions.

Logging & monitoring

All admin actions captured in audit log. Anomaly detection on auth events. 24/7 alerting on security-relevant events.

Penetration testing

External pentest performed annually. Internal pentest on each major feature release. Findings remediated under standard SLA.

Vendor security

All subprocessors reviewed annually. Tier-1 vendors require SOC 2 attestation or equivalent.