Security
Learn about Futurity’s security features and how to protect your organization’s data.
Security Overview
Futurity is built with security-first principles:
- Encryption: All data encrypted in transit and at rest
- Authentication: Industry-standard OAuth and JWT
- Authorization: Role-based access control (RBAC)
- Compliance: SOC 2 Type II, GDPR compliant
- Infrastructure: Hosted on secure cloud infrastructure
Data Protection
Encryption
| Data State | Method |
|---|---|
| In transit | TLS 1.3 |
| At rest | AES-256 |
| Database | Encrypted volumes |
| Backups | Encrypted snapshots |
Data Residency
Your data is stored in secure data centers. Contact us for specific data residency requirements.
Data Retention
| Data Type | Retention |
|---|---|
| Active content | Until deleted |
| Deleted content | 30 days (recoverable) |
| Audit logs | 1 year |
| Backups | 30 days |
Authentication
Password Requirements
Passwords must meet these criteria:
- Minimum 12 characters
- Mix of uppercase and lowercase
- At least one number
- At least one special character
- Not in common password lists
Single Sign-On (SSO)
Enterprise plans support SSO with:
- Google Workspace
- Microsoft Azure AD
- Okta
- SAML 2.0 providers
Multi-Factor Authentication (MFA)
Session Management
| Setting | Default |
|---|---|
| Session timeout | 24 hours |
| Inactive timeout | 2 hours |
| Concurrent sessions | Allowed |
| Session revocation | Immediate |
Authorization
Role-Based Access Control
See Roles & Permissions for detailed RBAC configuration.
Permission Model
User → Role → Permissions → Resources

- You’re assigned roles
- Roles contain permissions
- Permissions control resource access
Resource-Level Access
Beyond roles, resources have their own access controls:
- Vault: File and folder sharing
- Workflows: Per-workflow permissions
- Dashboards: Sharing settings
Audit Logging
What’s Logged
| Event Type | Examples |
|---|---|
| Authentication | Login, logout, failed attempts |
| User management | Invites, role changes, removals |
| Content access | File views, downloads, shares |
| Configuration | Settings changes, integrations |
| API access | API calls with user context |
Accessing Audit Logs
- Go to Organization → Security
- Click Audit Logs
- Filter by date, user, or event type
- Export as needed
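An exported log can be reviewed with a script instead of by eye. The following is an added example, not Futurity's code: the CSV columns and event names are hypothetical and the sample rows are constructed, so map them to the fields in your actual export. It flags a successful login that follows a burst of failed attempts, and lists role changes for review.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names and event names are hypothetical;
# map them to whatever the real audit log export contains.
SAMPLE_EXPORT = """timestamp,user,event,source_ip
2024-05-01T09:00:00,alice,login_failed,203.0.113.7
2024-05-01T09:00:20,alice,login_failed,203.0.113.7
2024-05-01T09:00:41,alice,login_failed,203.0.113.7
2024-05-01T09:01:05,alice,login,203.0.113.7
2024-05-01T09:03:00,alice,role_change,203.0.113.7
2024-05-01T10:00:00,bob,login_failed,198.51.100.4
2024-05-01T10:15:00,bob,login,198.51.100.4
"""


def review(export_text, threshold=3, window=timedelta(minutes=5)):
    """Return (kind, user, timestamp) findings from an audit log export."""
    failures = defaultdict(deque)  # user -> timestamps of recent failed logins
    findings = []
    rows = sorted(csv.DictReader(io.StringIO(export_text)),
                  key=lambda r: r["timestamp"])
    for row in rows:
        ts, user = datetime.fromisoformat(row["timestamp"]), row["user"]
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures older than the window
        if row["event"] == "login_failed":
            recent.append(ts)
        elif row["event"] == "login":
            if len(recent) >= threshold:
                findings.append(("login_after_failures", user, row["timestamp"]))
            recent.clear()  # a successful login resets the counter
        elif row["event"] == "role_change":
            findings.append(("role_change", user, row["timestamp"]))
    return findings
```

Tune `threshold` and `window` to your organization's normal login behaviour before alerting on the findings.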
Log Retention
Audit logs are retained for:
- Standard plans: 90 days
- Professional plans: 1 year
- Enterprise plans: Custom retention
API Security
Authentication
API requests require authentication:
```bash
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.futurity.work/v1/endpoint
```
Token Management
| Token Type | Lifetime | Use Case |
|---|---|---|
| Access token | 1 hour | API requests |
| Refresh token | 30 days | Get new access tokens |
| API key | Until revoked | Server-to-server |
Rate Limiting
To prevent abuse, API requests are rate limited:
| Plan | Requests/minute |
|---|---|
| Standard | 60 |
| Professional | 300 |
| Enterprise | Custom |
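A client can respect both tables above by renewing the access token before its 1-hour lifetime ends and pacing requests to the plan's per-minute limit. This is an added example, not Futurity's SDK: `fetch_token` is a hypothetical callable (the page does not document the refresh endpoint), the 60-second renewal margin is an assumption, and the sliding window is a conservative client-side choice since the page does not say how the server counts a minute.

```python
import time
from collections import deque

ACCESS_TOKEN_LIFETIME = 3600  # seconds: 1 hour, from the Token Management table
REFRESH_SKEW = 60             # assumption: renew one minute before expiry


class TokenCache:
    """Caches an access token and renews it shortly before its 1-hour expiry."""

    def __init__(self, fetch_token, clock=time.monotonic):
        self._fetch = fetch_token  # hypothetical: returns a new access token
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_SKEW:
            self._token = self._fetch()
            self._expires_at = now + ACCESS_TOKEN_LIFETIME
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}


class MinuteWindowLimiter:
    """Sliding 60-second window that keeps a client under its plan's limit."""

    def __init__(self, per_minute=60, clock=time.monotonic):
        self._limit = per_minute
        self._clock = clock
        self._sent = deque()  # send times of requests in the last 60 seconds

    def wait_time(self):
        """Seconds to wait before the next request may be sent (0.0 if none)."""
        now = self._clock()
        while self._sent and now - self._sent[0] >= 60:
            self._sent.popleft()
        if len(self._sent) < self._limit:
            return 0.0
        return 60 - (now - self._sent[0])

    def record(self):
        self._sent.append(self._clock())
```

Before each request, sleep for `wait_time()`, send the request with `auth_header()`, then call `record()`.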
Infrastructure Security
Cloud Infrastructure
- Hosted on enterprise-grade cloud providers
- Isolated virtual networks
- Regular security patches
- DDoS protection
Network Security
- Web Application Firewall (WAF)
- Intrusion detection systems
- Regular penetration testing
- Vulnerability scanning
Monitoring
- 24/7 infrastructure monitoring
- Anomaly detection
- Automated alerts
- Incident response team
Compliance
Certifications
| Standard | Status |
|---|---|
| SOC 2 Type II | Certified |
| GDPR | Compliant |
| ISO 27001 | In progress |
Data Processing
- Data Processing Agreement (DPA) available
- Standard Contractual Clauses for international transfers
- Privacy-by-design principles
Security Best Practices
For Administrators
- Enable SSO: Centralize authentication
- Regular access reviews: Audit user permissions quarterly
- Offboard promptly: Remove departed users immediately
- Monitor audit logs: Review for suspicious activity
- Keep contacts updated: Ensure security contacts are current
For Everyone
- Strong passwords: Use unique, complex passwords
- Don’t share credentials: Use your own account
- Log out on shared devices: Don’t stay logged in
- Report suspicious activity: Alert admins to anything unusual
- Be careful with sharing: Only share with appropriate people
For Developers
- Secure API keys: Never commit to source control
- Rotate tokens: Refresh credentials regularly
- Validate inputs: Sanitize data sent to APIs
- Handle errors properly: Don’t expose sensitive info
- Use HTTPS only: Never use unencrypted connections
Incident Response
Reporting Security Issues
Found a security vulnerability? Contact us:
- Email: security@futurity.work
- Response time: Within 24 hours
Incident Notification
If a security incident affects your data:
- We’ll notify you within 72 hours
- Provide details about impact
- Share remediation steps
- Conduct post-incident review
Security Updates
Stay informed about security:
- Check our Changelog for security updates
- Subscribe to security notifications in Organization settings
- Review release notes for security patches
Getting Help
For security questions:
- Contact your account manager
- Email security@futurity.work
- Enterprise: Dedicated security contact