Foundrypowered by soulprint engine
Trust & Security

Built so business teams can sleep at night.

Every conversation, file, and mission your team runs on Foundry is protected by encryption in transit and at rest, strict per-org authorization, and a credential vault that even our admins can't read. Below is the current state of our security posture — kept in sync with the actual code by /api/security.

Last reviewed: 2026-02-09 · Version 1.2
Proof of Integrity · Bitcoin-anchored

Tamper-evident proof for every artifact your agents create.

Tier 1 · Per-file
Every agent-generated artifact (PDFs, briefs, audits, exported reports) is hashed with SHA-256 and the digest is submitted to the OpenTimestamps public calendar network. Within ~1-6 hours that digest is anchored into the Bitcoin blockchain — a tamper-evident record that the file existed at exactly those bytes at exactly that moment. Customers can download the standard `.ots` proof and verify independently with the OpenTimestamps CLI; no SoulPrint cooperation is required.
Tier 2 · Daily Merkle root
Every 24 hours, a Merkle tree is built over key business records written that day (mission events, workspace invite acceptances, org member additions, audit leads). The Merkle root is anchored on Bitcoin via OpenTimestamps. Customers can re-hash any individual record and walk the Merkle path stored in the anchor manifest to prove the record was part of that day's anchored state.
Ledger: Bitcoin (via OpenTimestamps shared calendar servers)
Cost: Free.
Verify yourself: any third party, any time
How to verify independently: All proofs are downloadable as standard `.ots` files and verifiable with the OpenTimestamps reference CLI: `ots verify --file <doc> <doc>.ots`.
Encryption in transit
TLS 1.2+ on every endpoint (HSTS preload).
Encryption at rest
MongoDB Atlas full-disk AES-256. Browser session credentials stored in the Credential Vault use Fernet (AES-128-CBC + HMAC-SHA256) keyed by SOULPRINT_VAULT_KEY in the backend env.
Authentication
  • Email + bcrypt password (cost factor 12, default).
  • Google sign-in via Firebase ID-token verification (public JWKS).
Login lockout after 8 failed attempts within 15 minutes; 15-minute cool-down before the next attempt.
Per-org authorization
Workspaces > Organizations > Teams > Conversations. Every data-bearing endpoint validates org membership (and team membership for closed teams) before returning a row.
Per-user private CoS threads are visible only to the user who owns them and the org owner (audit access). No other member sees the contents.
Rate limiting & abuse protection
  • login:Throttled per IP+email (max 8 failures / 15m).
  • lead capture:5 submissions per IP per minute.
  • invite accept:10 attempts per IP per minute.
Secrets & key management

All third-party API keys (OpenAI, Stripe, Resend, Brave, Perplexity, Kie.ai, Firebase) live in the backend env, never committed to source control. Firebase web config is public by design and gated server-side via project_id allowlist.

Data residency & infrastructure
  • primary region:US
  • database:MongoDB Atlas (managed, encrypted at rest)
  • object storage:MongoDB GridFS (mirrors disk for durability)
Compliance posture
  • soc2 shared platform
    Shared Spark/Temper platform: operating SOC 2-aligned controls today (access reviews, incident playbooks, encryption at rest and in transit, audit logging). Type II attestation on the shared multi-tenant platform is on the roadmap.
  • soc2 refine tier
    Refine tier: each customer receives a dedicated single-tenant deployment built from our reference template. SOC 2 Type II attestation scoped to this template is on the roadmap — once we engage an auditor and the report lands, every Refine customer inherits it under NDA without paying for their own audit. Until then, Refine customers get the dedicated deployment with the controls listed in the roadmap operating today.
  • gdpr
    Right-to-erasure handled via account deletion; data subject requests routed to team@archeforge.com. Sub-processors listed at /legal/sub-processors.
  • data processing agreement
    Standard DPA available on request for any tier. Custom DPA + redlines supported on Refine.
See the full SOC 2 control roadmap
Incident response

Found a vulnerability or have a question for our security team? Email us at team@archeforge.com. We aim to acknowledge within 24 hours.

Want a deeper review? We're happy to walk security teams through our architecture diagram and answer SIG/CAIQ questionnaires.
Talk to security