Your data. Your control.
Security and privacy are foundational to everything we build. Here's how we protect your data and earn your trust.
We never train on your data
Your evaluation data, traces, agent outputs, and datasets are never used to train, fine-tune, or improve any model - ours or anyone else's. Your data is processed solely to deliver your evaluation results, then stored according to your retention preferences.
Security practices
How we protect your data at every layer.
Encryption
AES-256 encryption at rest. TLS 1.2+ for all data in transit. Database-level encryption with managed keys.
Access control
SAML SSO, SCIM provisioning, role-based access, MFA enforcement, and audit logs with 12-month retention.
Infrastructure
Hosted on AWS with isolated VPCs, private subnets, WAF, and DDoS protection. 99.9% uptime SLA.
Data residency
Data stored in US by default (us-east-1). EU data residency available for Enterprise customers (eu-west-1).
Vulnerability management
Annual third-party pen tests, continuous vulnerability scanning, dependency auditing, and automated patch management.
Incident response
Documented response process with 72-hour notification SLA. Post-incident root cause analysis shared with affected customers.
Responsible AI
Our commitment to building AI safety tools responsibly.
Hallucination detection, not generation
Future AGI evaluates and detects hallucinations in AI outputs - we don't generate content that could hallucinate. Our platform helps you catch problems, not create them.
Evaluation transparency
Every evaluation metric is documented with its methodology, limitations, and appropriate use cases. We publish how our evaluators work so you can make informed decisions.
Bias testing
Our evaluation metrics are regularly tested for demographic and linguistic bias. We publish fairness assessments and actively work to reduce disparate impact across populations.
Human oversight
We design our tools to augment human decision-making, not replace it. Guardrails can be configured, overridden, and audited. You always have the final say.
Subprocessors
Third-party services that process data on our behalf.
| Service | Purpose |
|---|---|
| AWS | Cloud infrastructure & data storage |
| Google Cloud | Compute & ML infrastructure |
| Stripe | Payment processing |
| HubSpot | CRM & marketing communications |
| PostHog | Product analytics |
| Sentry | Error monitoring |
Frequently asked questions
Common questions about our security and data practices.
Does Future AGI train on my data?
No. We never use customer data to train, fine-tune, or improve any models. Your data is used exclusively to provide you with evaluation results and is never shared with other customers or third parties.
Where is my data stored?
Data is stored in AWS data centers. By default, data resides in the US (us-east-1). Enterprise customers can request EU data residency (eu-west-1). All data is encrypted at rest with AES-256 and in transit with TLS 1.2+.
How long do you retain my data?
Evaluation data is retained for the duration of your subscription. When you delete data through the dashboard or API, it is permanently removed from our systems within 30 days. Upon account termination, all data is deleted within 90 days.
Do you have SOC 2 Type II certification?
Yes. Our SOC 2 Type II report covers Security, Availability, and Confidentiality trust service criteria. Contact sales@futureagi.com to request a copy under NDA.
How do you handle security incidents?
We follow a documented incident response process. Affected customers and relevant authorities are notified within 72 hours. Post-incident, we conduct a root cause analysis and publish a summary to affected parties.
Do you support SSO and SAML?
Yes. Enterprise plans include SAML-based SSO with support for Okta, Azure AD, Google Workspace, and OneLogin. SCIM provisioning is available for automated user management.
Can I export or delete my data?
Yes. You can export all your data via our API at any time. Deletion requests can be made through the dashboard or by contacting privacy@futureagi.com. Requests are processed within 30 days.
Do you perform penetration testing?
Yes. We conduct annual third-party penetration tests and run continuous vulnerability scanning. Enterprise customers can request a summary of our latest pen test results under NDA.
Report a vulnerability
Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to our security team.
security@futureagi.comRequest compliance documents
Need our SOC 2 report, DPA, pen test summary, or other security documentation? Contact our team.
Request documents