Security

Security built for compliance teams

Foresight protects your regulatory and product data with scoped access, encryption, and source-backed AI safeguards.

Security posture

Controls that support regulatory work, vendor review, and operational confidence.

The Foresight platform is designed so teams can move quickly without losing data isolation, evidence, access control, or reviewability.

Review-ready assurance

SOC 2 Type I is complete, Type II work is in progress, and security materials are available during active review.

Multi-tenant isolation

Workspace data is scoped to each customer organization and protected by server-side authorization checks.

Enterprise access controls

Role-based workspace access is built in, and SAML/SSO is available for enterprise customers outside the standard trial flow.

Encrypted data and backups

Customer traffic uses HTTPS/TLS; customer data and nightly backups are encrypted at rest.

US and EU data footprint

Analytics and reporting data is handled in the EU, with broader EU platform residency planned.

Responsible AI data use

Customer data is not shared with model providers for training, and AI outputs remain source-backed and reviewable.

Platform and Customer Data Scope

Foresight is a SaaS regulatory intelligence platform. Customers use Foresight to monitor regulatory sources, understand changes that may affect substances and products, collaborate on alerts, and preserve supporting evidence for later review.

Private workspaces contain customer organization data, uploaded evidence files, user activity, collaboration records, and structured regulatory intelligence such as alerts, tasks, comments, collections, deadlines, and source citations. Customer users access that data through the Foresight platform over encrypted connections.

Public marketing pages, live examples, and demo payloads are separate from private customer workspaces. They do not expose customer workspace data, private source material, or user records.

Security Governance and Review Support

Foresight has completed SOC 2 Type I, and SOC 2 Type II audit work is in progress. Our security program is designed to support enterprise vendor review, including security questionnaires, legal review, data protection review, and procurement due diligence.

During active customer review, Foresight can provide current security and data protection documentation, including SOC 2 materials, architecture and data-flow information, subprocessors, and answers to customer security questionnaires.

Foresight performs regular penetration testing as part of its security program and runs continuous vulnerability scanning across the application and infrastructure. Findings are triaged, prioritized, and tracked through remediation based on severity and potential customer impact.

Multi-Tenancy and Data Isolation

Foresight is built as a multi-tenant platform with customer workspaces separated by organization. Customer records carry organization scope, and workspace-aware authorization is applied before customer data can be read, changed, assigned, commented on, or included in a product workflow.

Authentication proves who someone is; it does not automatically grant access to customer data. Foresight resolves the signed-in identity to a known Foresight user, verifies organization membership, and then applies the role associated with that workspace before returning workspace data.

Collaboration and workflow activity is tied to the customer organization. Comments, task changes, assignments, status updates, and related activity are recorded in product activity history, supporting internal review and accountability within the workspace.

Operational access is separated from customer workflows and limited to authorized personnel with a legitimate business need. Background processing and scheduled work use controlled service paths with appropriate authorization boundaries.

Encryption and Session Security

Traffic between the browser, Foresight applications, identity providers, and backend services is encrypted in transit using HTTPS/TLS. Customer data stored in application databases and file storage is encrypted at rest by our managed cloud infrastructure providers.

Application sessions use secure cookie handling. Backend services verify signed session context and workspace membership before returning customer data, so encryption is paired with authorization at the data boundary.

Authentication and Authorization

Foresight uses a managed identity layer and application sessions for customer authentication. Access is evaluated on every workspace-aware workflow instead of relying solely on the initial sign-in event.

SAML/SSO is available for enterprise customers. Trial workspaces typically use standard account access for evaluation, with SSO enabled separately when required for an enterprise security review or customer rollout.

Organization membership roles are modeled in Foresight as admin, member, and viewer. These roles control who can access a workspace and what customer workflows they can perform. Workspace admins can review accepted members and manage invitation state; invitation details are not broadly exposed to non-admin workspace members.

Foresight does not create product users or workspaces simply because someone authenticates successfully. Access depends on an existing Foresight user and organization membership.
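The authorization sequence described in this section and under Multi-Tenancy and Data Isolation (a verified identity is resolved to a known user, organization membership is checked, the workspace role is applied, and only then is a record returned, with no user created on sign-in) is shown below as an added illustration. It is teaching code written for this page, not Foresight's implementation: the Principal, Alert and Membership data, the admin/member/viewer ranking, the load_alert function and every sample record are hypothetical stand-ins, and the error strings are constructed for the example.

```python
"""
Illustrative workspace-scoped authorization check.

Added example, not Foresight's code. The types, lookup tables, sample
records and function names here are hypothetical stand-ins for the flow
the page describes: signed identity -> known user -> organization
membership -> role -> data.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Roles as named on the page, ranked so a check can express "at least member".
ROLE_RANK = {"viewer": 1, "member": 2, "admin": 3}


@dataclass(frozen=True)
class Principal:
    """Result of authentication: a verified identity-provider subject."""
    idp_subject: str


@dataclass(frozen=True)
class Alert:
    alert_id: str
    org_id: str   # organization scope carried on every customer record
    title: str


class AuthorizationError(Exception):
    pass


# Constructed sample data (hypothetical ids and titles).
USERS: Dict[str, str] = {            # identity-provider subject -> user id
    "idp|alice": "user-1",
    "idp|bob": "user-2",
}
MEMBERSHIPS: Dict[Tuple[str, str], str] = {   # (user id, org id) -> role
    ("user-1", "org-acme"): "admin",
    ("user-2", "org-acme"): "viewer",
}
ALERTS: Dict[str, Alert] = {
    "alert-7": Alert("alert-7", "org-acme", "REACH SVHC candidate list update"),
    "alert-9": Alert("alert-9", "org-globex", "Prop 65 listing change"),
}


def resolve_user(principal: Principal) -> str:
    """Step 1: a successful sign-in must map to an existing user.
    Nothing is created on the fly; an unknown subject is denied."""
    user_id = USERS.get(principal.idp_subject)
    if user_id is None:
        raise AuthorizationError("authenticated identity is not a Foresight user")
    return user_id


def resolve_role(user_id: str, org_id: str) -> str:
    """Step 2: membership in the requested organization, and its role."""
    role = MEMBERSHIPS.get((user_id, org_id))
    if role is None:
        raise AuthorizationError("user is not a member of this organization")
    return role


def require_role(role: str, minimum: str) -> None:
    """Step 3: the workflow's minimum role is enforced server-side."""
    if ROLE_RANK[role] < ROLE_RANK[minimum]:
        raise AuthorizationError(f"role '{role}' is below required '{minimum}'")


def load_alert(principal: Principal, org_id: str, alert_id: str,
               minimum_role: str = "viewer") -> Alert:
    """Workspace-aware read: authorization runs before the record is
    returned, and the record's own organization scope is compared with the
    requested workspace, so a record id from another tenant is not reachable
    even when the id is known."""
    user_id = resolve_user(principal)
    role = resolve_role(user_id, org_id)
    require_role(role, minimum_role)
    alert = ALERTS.get(alert_id)
    # Same error for "missing" and "belongs to another organization", so the
    # response does not reveal whether the id exists in some other workspace.
    if alert is None or alert.org_id != org_id:
        raise AuthorizationError("alert not found in this workspace")
    return alert


def try_load(principal: Principal, org_id: str, alert_id: str,
             minimum_role: str = "viewer") -> Optional[str]:
    """Return the denial reason, or None when the read is allowed."""
    try:
        load_alert(principal, org_id, alert_id, minimum_role)
        return None
    except AuthorizationError as exc:
        return str(exc)


if __name__ == "__main__":
    alice = Principal("idp|alice")
    print(load_alert(alice, "org-acme", "alert-7").title)
    print(try_load(Principal("idp|mallory"), "org-acme", "alert-7"))
    print(try_load(alice, "org-acme", "alert-9"))
```

The order of the checks is the point: identity is resolved before membership, membership before role, and the record's organization scope is compared with the requested workspace before anything is returned, so an authenticated identity with no user record, a user from another organization, or a viewer attempting a member-level workflow is denied at the data boundary rather than after the fact.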

AI Data Handling

Foresight uses AI to help surface regulatory information, extract structured context, compare sources, and support faster review. AI is used to assist the regulatory workflow; it does not approve, reject, or make compliance decisions for customers.

Customer data is not shared with model providers for training and is not used to develop foundation models. Model interactions are scoped to the workflow being performed, and Foresight avoids sending unnecessary customer context when processing AI-assisted tasks.

AI-generated regulatory context is designed to remain verifiable: source documents, citations, jurisdictions, substances, dates, and review state stay attached where applicable. The product is designed for evidence-led review, so teams can inspect the source material behind the information that Foresight surfaces before using it in internal decision-making.

Foresight also uses layered AI-safety controls for regulatory work: automated validation gates, evaluation sets, source checks, and independent model-based review agents that check higher-risk interpretation tasks. When a workflow cannot verify evidence or resolve ambiguity with sufficient confidence, it is escalated for human review before a conclusion is surfaced.

Data Residency

Foresight's data footprint spans the United States and European Union. Some customer platform data is hosted in the EU, and analytics and reporting data is handled in the EU.

Some customer data and supporting infrastructure may be hosted in the United States depending on the service, environment, and customer commitments. Applicable residency, subprocessor, and transfer details are documented during customer security, procurement, and data protection review.

Full EU data residency for customer platform data is on the Foresight roadmap. Customers with specific residency requirements can review the current deployment model and planned options during procurement.

Backups and Recovery

Customer data is backed up nightly. Backups are encrypted in transit and at rest and are managed within Foresight's cloud infrastructure controls.

Restore processes are tested regularly as part of Foresight's operational readiness program, helping ensure recovery procedures remain current and effective.

Data Minimization and Privacy

Foresight is built for regulatory teams handling sensitive product, substance, portfolio, and decision context. We process customer data to provide the platform, operate the service, support customers, and protect the security and reliability of Foresight.

Application responses are limited to the information needed for the relevant product workflow. Private workspace data is not used in public demos, marketing payloads, or public website experiences.

Operational Security and Change Management

Foresight runs on managed cloud infrastructure with separated production and preview environments. Release verification does not use the live customer database, and the release process supports rollback of production deployments during incidents.

Changes move through automated checks before production. The release process includes build checks, type checking, code quality checks, deployment gates, preview deployments, and end-to-end verification for customer-facing changes.

Customer-impacting incidents and security issues are handled through operational response processes. The Foresight team can provide additional detail about monitoring, incident handling, and operational controls during an active enterprise review.

Infrastructure and Physical Security

Foresight does not operate physical servers. We use managed cloud providers for application hosting, backend services, database, and file storage. Physical security for the underlying data centers is handled by those providers.

Contact

For enterprise security review, procurement support, or data protection documentation, contact your Foresight commercial contact or email security@useforesight.io.

Security issues can also be reported to the same address.

Need security documentation for procurement review?

We can support active enterprise review with current security, architecture, data protection, and questionnaire materials.