Security Practices
Last updated: May 2026
1. Tenant Isolation
Foixar enforces tenant boundaries across API, portal, storage, governance, audit, and decision-memory surfaces. Tenant identity is derived from validated authentication context, not client-supplied request payloads.
2. Identity and Access
Foixar uses Microsoft identity services for authentication and supports customer identity federation through Microsoft Entra where configured. Administrative and internal access is limited to authorised Foixar personnel.
3. Secrets and Credentials
Foixar stores Foixar-managed secrets in managed secret storage and avoids storing provider secrets in application configuration files. Customers remain responsible for rotating and governing credentials for customer-managed resources connected to Foixar.
4. Encryption
Foixar uses TLS for data in transit. Data at rest is protected by the underlying managed cloud services used to operate the platform. Customer-managed resources follow the encryption settings the customer has configured with the provider of each resource.
5. Auditability
Foixar records governance runs, agent reports, decision lifecycle events, role changes, and operational audit records so customers can review what happened, when, and why.
6. Monitoring and Incident Response
Foixar monitors platform health, service errors, deployment status, and operational signals. Confirmed security incidents involving Customer Data are handled under the security incident process described in the Data Processing Addendum.
7. Customer Responsibilities
Customers are responsible for securing their connected repositories, identity providers, cloud accounts, AI providers, storage providers, permissions, tokens, keys, and billing accounts.