ForjinnForjinn
User Experience

Security & Compliance Guide

Security, privacy, and organizational compliance are first-class concerns for all production deployments of Forjinn—whether on-prem, hosted SaaS, or cloud. This guide covers platform security features, best practices, compliance standards, and how to prepare for audits or certifications.

Platform Security Features

  • SSO/MFA: Enterprise authentication, two-factor recommended/required (see SSO Configuration)
  • Role-Based Access Control: Workspace-level roles, least privilege default, audit log of all changes.
  • Secret Management: Credentials manager for API keys/secrets, never exposed to UI/JS, encrypted at rest.
  • Data Encryption: All data encrypted at rest (AES256) and in transit (TLS/SSL).
  • Logging & Audit: Detailed per-user action logs, login activity, and platform event logs. Exportable for SIEM/SOC2 audits.
  • API Gateway Security: Authentication, rate limiting, and request validation for all gateway endpoints.

Compliance

  • GDPR: Full right to access, correct, or delete user data. Data location configurable per org/tenant.
  • SOC2: Platform is designed for SOC2 compliance (monitoring, access logs, change management).
  • HIPAA: No PHI storage by default; contact support for compliant configurations.
  • DPA/Legal: Data Processing Addendum available on request.

Agent Framework Security

When using supported agent frameworks, the following security practices apply:

  • Google ADK: API keys and service credentials are stored encrypted; model calls route through secure channels
  • CrewAI: Multi-agent communications are contained within the platform; no external data leakage
  • AutoGen: Conversational agent sessions are isolated per workspace; tool execution follows credential permissions

API Gateway Security Practices

  • Enforce HTTPS for all gateway endpoints in production
  • Use token-based authentication (API keys, JWT) for endpoint access
  • Configure granular rate limits per endpoint to prevent abuse
  • Enable request logging for audit trails
  • Validate and sanitize all incoming request data

Best Practices

  • Enforce strong policies (password, SSO, 2FA) at org/workspace setup.
  • Regularly review and rotate API keys/secrets—disable orphaned credentials.
  • Assign user roles carefully; periodic access review.
  • Monitor logs and set up webhooks/alerts for suspicious actions (see Login Activity).
  • Use environment variable or K8s secrets for configuring sensitive values.
  • Test API Gateway endpoints with security scanning tools before production deployment.

Backups & Data Recovery

  • Daily automated backups of DB/uploads; retention per admin setting.
  • Restore can be performed by platform admin; confirm via restore drills.
  • Data deletion is permanent after specified retention window (see Privacy Policy).

Incident Response

  • Immediately contact support/security in case of breach or suspected compromise.
  • Have a restoration/testing playbook for backup/emergency scenarios.
  • Maintain two platform admin accounts with distinct credentials for rapid response.

Compliance Documentation

Security and compliance are a shared responsibility—follow platform best practices and your own legal/DPA guidelines for full coverage. "Security by design" is always the best policy.

Forjinn Best Practices | Enterprise AI Development Guidelines

Essential best practices for building robust AI workflows in Forjinn. Security, scalability, and maintenance guidelines for enterprise AI development.

Privacy Policy

Next Page

On this page

Platform Security FeaturesComplianceAgent Framework SecurityAPI Gateway Security PracticesBest PracticesBackups & Data RecoveryIncident ResponseCompliance Documentation