FAQ
Foundable security and privacy FAQ
Short answers that point to the public security, privacy, and legal pages as the deeper source of truth.
Is Foundable secure and private?
Foundable's public security and privacy pages are the official trust sources. They say Customer Content is not used to train AI models, integration credentials are encrypted at the application layer, API access is authenticated and scoped by company, and security researchers can use responsible disclosure.
Does Foundable use customer content to train AI models?
Foundable's public security page says Customer Content is not used to train AI models, and that Anthropic contractually agrees not to train on it either.
How does Foundable protect integration credentials?
The public security page says OAuth refresh tokens, API keys, and similar secrets are encrypted at the application layer with AES-256-GCM in addition to database encryption at rest.
How does Foundable handle tenant isolation?
Foundable validates authenticated access on API requests and scopes customer context per company. The public security page explains the tenant isolation model in more detail.
Where can I review Foundable's privacy terms?
Use the Privacy Policy, Terms of Service, AI Disclosure, Security page, and Responsible Disclosure page for the full public trust surface.
Can security researchers report issues?
Yes. Foundable has a public Responsible Disclosure page for reporting potential vulnerabilities.