Compliance FAQ
Frequently asked questions about Future AGI's compliance certifications and governance.
Certifications and Status
What compliance certifications does Future AGI hold?
| Certification | Status |
|---|---|
| SOC 2 Type II | Certified (annual audit) |
| ISO 27001 | Certified |
| HIPAA | BAA available (Scale and Enterprise plans) |
| ISO 42001 | In progress (expected Q4 2026) |
How often are audits conducted?
SOC 2 Type II audits are conducted annually, covering a twelve-month observation period. ISO 27001 surveillance audits occur annually, with a full recertification audit every three years.
Security Testing
How often are penetration tests performed?
External penetration tests are conducted at least annually by an independent, qualified third-party firm. Additional tests are performed following significant architectural changes. A summary of findings is available to customers under NDA.
What does the risk management process look like?
We perform formal risk assessments at least annually and whenever significant changes occur in our environment. Risks are evaluated using a standardized methodology that considers likelihood, impact, and existing controls. Each identified risk is assigned an owner and tracked through a treatment plan with defined timelines.
Vendor and Sub-Processor Management
How does Future AGI manage third-party vendors?
Before onboarding, all vendors with access to customer data undergo a security assessment that evaluates their security posture, certifications, data handling practices, and contractual obligations. Vendors are reassessed annually and must maintain security standards consistent with our own. A current list of sub-processors is available on request.
Company Policies
Does Future AGI have an acceptable use policy?
Yes. Our Acceptable Use Policy defines permitted and prohibited uses of the platform, including restrictions on illegal activity, abuse, and any use that could compromise the security or availability of the service.
Does Future AGI have a code of conduct?
Yes. All employees are required to acknowledge and adhere to our Code of Conduct, which covers professional ethics, conflicts of interest, data handling responsibilities, and reporting obligations. Compliance is reaffirmed annually.
Physical Security
Where are Future AGI’s offices located?
Future AGI operates from offices in the United States and India. All office locations are equipped with physical access controls, including badge-based entry, visitor logging, and security monitoring.
What about data center security?
Our infrastructure runs on Amazon Web Services (AWS), which maintains SOC 2, ISO 27001, and numerous other certifications for its physical data center facilities. AWS data centers feature multi-layered physical security, including biometric access controls, 24/7 surveillance, and environmental safeguards.
Security Ownership
Who is responsible for security at Future AGI?
Security is led by a dedicated Security Lead who reports to executive leadership. The security team is responsible for policy development, risk management, incident response, vulnerability management, and compliance programs. Security is considered a shared responsibility across the entire engineering organization.
Requesting Documents
How can I request compliance documents?
To request SOC 2 Type II reports, ISO 27001 certificates, penetration test summaries, or policy documents, contact sales@futureagi.com. Most documents are available under a non-disclosure agreement (NDA). We typically respond to compliance inquiries within two business days.