Trust Center

Security at ForceTeam.AI

Enterprise-grade protections for your meeting transcripts, Salesforce metadata, and deployment workflows. Built for teams that need transparency, control, and confidence.

Security at a glance

Controls designed for SaaS buyers, compliance teams, and technical evaluators.

Encryption

TLS 1.2+ in transit · AES-256 at rest for sensitive data

Access control

Role-based permissions · least-privilege defaults

24/7 monitoring

Centralized logging · anomaly detection · alerting

Backups & recovery

Automated backups · tested restore procedures

Vulnerability management

Dependency scanning · patch cadence · pen testing

Compliance readiness

GDPR-aligned practices · SOC 2 roadmap

How we protect your data

A defense-in-depth program spanning infrastructure, application, and organizational controls.

Data protection

We treat customer data as a core asset and apply defense-in-depth controls across the stack.

  • Customer data is logically segregated by workspace and tenant
  • Sensitive credentials and tokens are encrypted and access-controlled
  • Data minimization principles guide what we collect and retain
  • Subprocessors are vetted under written data protection terms

Infrastructure security

Production workloads run on hardened cloud infrastructure with network segmentation and continuous monitoring.

  • Private networking and firewall policies for production services
  • Infrastructure-as-code with peer review and change management
  • Automated patching for OS and container base images
  • DDoS mitigation and WAF protections at the edge

Authentication & identity

Secure sign-in flows and session management protect account access.

  • Salesforce OAuth for org connections — no password storage for Salesforce
  • Session expiration, secure cookies, and CSRF protections
  • Support for enterprise SSO on eligible plans (roadmap)
  • Administrative role separation within workspaces

Incident response

Documented procedures help us detect, contain, and communicate about security events.

  • Defined severity levels and on-call escalation paths
  • Forensic logging retention for investigation
  • Customer notification for confirmed incidents affecting their data
  • Post-incident reviews and corrective action tracking

Disaster recovery

Resilience planning reduces downtime and data loss risk.

  • Regular backup schedules with encrypted storage
  • Recovery time and recovery point objectives defined internally
  • Periodic restore drills for critical systems
  • Multi-region redundancy for core services (where applicable)

Privacy commitment

Security and privacy are jointly owned — see our Privacy Policy for data handling details.

  • No sale of personal data
  • Contractual restrictions on AI provider use of customer content
  • Data subject request processes for GDPR and similar laws
  • Security inquiries: [email protected]

Security FAQ

Common questions from security and procurement reviews.

Production data is hosted with leading cloud providers in regions selected for performance and compliance. Enterprise customers may discuss data residency requirements as part of a commercial agreement.

We contractually restrict subprocessors from using your content to train general-purpose models. We process your data only to deliver the services you request, as described in our Privacy Policy.

We align our controls with SOC 2 Trust Services Criteria and GDPR requirements. Formal third-party attestation reports are available to enterprise customers under NDA as they become available.

Tokens are stored encrypted, scoped to the permissions you approve, and revocable at any time from Salesforce or within ForceAI settings.

Yes. Contact [email protected] for security documentation, subprocessors list, and data processing addendum requests.

We welcome responsible disclosure. Email [email protected] with reproduction steps. Please avoid public disclosure until we have had a reasonable opportunity to remediate.

Need a security review?

We provide questionnaires, architecture overviews, and DPAs for enterprise evaluations. Replace placeholder legal details in lib/legal/company.ts before customer-facing audits.