Security at insforge

Agent-native infrastructure handles critical workloads. We take security seriously at every layer — from the API surface to the physical infrastructure.

Encryption everywhere

  • All data encrypted at rest with AES-256
  • All data in transit protected via TLS 1.3
  • API keys hashed with bcrypt, never stored in plaintext
  • Database credentials rotated automatically every 30 days

Access control

  • JWT sessions with configurable expiry
  • Role-based access control (RBAC) on all resources
  • Per-API-key scope and rate limit configuration
  • SSO / SAML for Enterprise plans

Observability and audit

  • Complete audit log for all privileged actions
  • Real-time alerting on anomalous access patterns
  • Log retention configurable per plan
  • SOC 2 Type II audit in progress

Vulnerability disclosure

  • Coordinated disclosure program via security@insforge.co
  • 90-day fix timeline for critical vulnerabilities
  • Public CVE disclosure after patch is available
  • Bounty program — details on request

Responsible disclosure

If you discover a security vulnerability in the insforge platform, please report it to security@insforge.co. We commit to:

  • Acknowledge your report within 24 hours
  • Provide a fix timeline within 5 business days for critical issues
  • Credit researchers who responsibly disclose valid vulnerabilities
  • Not pursue legal action against researchers acting in good faith