Your Data, Protected
We implement commonly accepted business security practices for handling your data. Security is a priority, and we continuously work to protect your information.
Note: While we take reasonable precautions to secure your data, no system can guarantee 100% security. We cannot guarantee that our service will detect all threats or be without vulnerabilities.
Encryption in Transit
All data transmitted to and from ForwardToSafety is encrypted using TLS 1.3. Your emails and analysis results are protected from interception.
Secure Infrastructure
Our servers are hosted with reputable providers that maintain physical security controls and reliable uptime.
Access Controls
Access to customer data is limited to authorized personnel on a need-to-know basis.
Secure Payments
Payment processing is handled by Authorize.net, a PCI DSS Level 1 certified provider. We never store your credit card details.
Email Security
We implement comprehensive email security measures:
- SPF (Sender Policy Framework): Validates that emails come from authorized servers
- DKIM (DomainKeys Identified Mail): Cryptographically signs our outgoing emails
- DMARC: Provides instructions for handling emails that fail authentication
- DNSSEC: Protects against DNS spoofing attacks
Your Data, Your Control
We handle your email data responsibly:
- Minimal Retention: Email content is retained only as long as necessary for analysis and your reference
- Automatic Deletion: Detailed email content is automatically purged after 90 days
- No Selling: We never sell or share your email content with third parties for marketing
- Attachment Sandboxing: Suspicious attachments are analyzed in isolated environments
Analysis Security
Our 6-tier analysis system is designed with security in mind:
- Link Scanning: URLs are analyzed without exposing your network to malicious sites
- Safe Browsing: We check links against multiple threat databases without visiting them from your device
- Attachment Analysis: Files are examined in secure sandboxes to detect malware
- Analysis Engine: Multi-tier expert analysis with strict privacy controls
Endpoint & Managed-Service Security
For our computer security check-up (Reveal Scan) and managed plans (Fortify and Support & Defend), we apply the same security-first principles to anything that runs on your devices:
- Read-only check-up: The Reveal Scan tool inspects system configuration and security settings only. It does not read your personal files, documents, or messages. The standard check-up makes no changes to your computer. When the optional full system report is generated, it writes a single temporary report file that is removed immediately after it is read.
- On-device redaction: When the optional full system report is captured, it is redacted on the device before upload to remove environment-variable values, usernames, and user-profile paths. Only the redacted report is transmitted to our servers.
- Server-side scoring: The tool collects signals and sends them securely over TLS to our servers, which perform the scoring — keeping detection logic off the device and out of an attacker's reach.
- Least-privilege agents: Managed-plan agents (Fortify, Support & Defend) run only on the devices you enroll, collect only what is needed to patch, harden, and monitor those devices, and can be removed by you at any time.
- Protected telemetry: Device telemetry, logs, and alerts are encrypted in transit and access-restricted to authorized personnel on a need-to-know basis.
Quality Assurance
To maintain and improve the accuracy of our analysis, we perform random manual sampling of verdict reports. This quality assurance process helps us identify areas for improvement and ensure our detection systems are performing as expected.
Incident Response
In the unlikely event of a security incident, we have established procedures for rapid response, containment, investigation, and notification. We will notify affected users promptly in accordance with applicable laws and regulations.
Responsible Disclosure
If you discover a security vulnerability in ForwardToSafety, we encourage responsible disclosure. Please report security issues to security@forwardtosafety.com. We commit to:
- Acknowledging your report within 48 hours
- Providing regular updates on our investigation
- Not pursuing legal action for good-faith security research
- Crediting researchers who help improve our security (with permission)
Questions?
If you have questions about our security practices, please contact us at:
Email: security@forwardtosafety.com
