Federal Research Data Demands Federal-Grade Security
ForecastFR is designed from the ground up to protect sensitive award, budget, and personnel data with controls aligned to SOC 2 and the security expectations of federally sponsored institutions.
Data Encryption
All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Database backups are encrypted with separate key material and stored across multiple availability zones.
Role-Based Access Control
Access to award data is scoped by organization and role using row-level security policies. Administrators can restrict access to specific PIs, departments, or award portfolios.
SOC 2 Readiness
ForecastFR maintains SOC 2 Type II readiness controls covering security, availability, and confidentiality. Customers on Professional and Enterprise plans can request reports under NDA.
Sub-Processor Security
We use Supabase (SOC 2 Type II), Anthropic (SOC 2 Type II), Lovable, and Stripe (PCI DSS Level 1). Each sub-processor is reviewed annually for security posture.
Incident Response
Our incident response process includes 24/7 monitoring, severity classification, and notification within 72 hours of confirmed personal data breaches as required by GDPR Article 33.
GDPR & Data Residency
ForecastFR honors data subject rights under GDPR. Enterprise customers may request data residency in specific regions including the EU and the United States.
Security Contact
For security questions, compliance documentation requests, or to report a vulnerability, contact our security team directly.
security@forecastfr.comResponsible Disclosure
We welcome reports from security researchers. Submit findings to security@forecastfr.com with reproduction steps. We commit to acknowledging reports within 3 business days and will not pursue legal action against good-faith research.