Security Statement
foreknown GmbH, Germany
Last updated: 03.04.2023
This Security Statement describes how we, foreknown GmbH, ensure that the privacy and security of our customers are neither put at risk nor impaired.
Hosting & Reliability
- Our cloud-based product foreknown is hosted on the cloud platform of Hetzner Online GmbH (Hetzner). With several hundred thousand servers, Hetzner is one of the largest and multiple award-winning web hosters and data center operators in Europe.
- Hetzner provides their own data centers, which are well protected thanks to a video-monitored high-security fence and special access control systems.
- Europe: All their data centers in Europe comply with strict European data protection regulations. The data center parks in Nürnberg and Falkenstein are centrally located in Europe and thus offer our customers fast connections in Western, Central, Southern and Eastern Europe. The data center park in Helsinki extends the offer for North Europe customers.
- USA: Hetzner Cloud products in Ashburn, Virginia, and Hillsboro, Oregon, run on Hetzner-owned servers in third-party data centers in the US. All their servers in the Ashburn and Hillsboro data centers are used exclusively by Hetzner.
- Hetzner is certified according to DIN ISO/IEC 27001. This internationally recognized standard for information security certifies that Hetzner Online GmbH and Hetzner Finland Oy have implemented a suitable information security management system (ISMS) and that it is practised in day-to-day operations. The ISMS covers the Nuremberg and Falkenstein sites as well as the Helsinki site. The corresponding certification procedure was carried out by FOX Certification GmbH. The certificate demonstrates adequate security management, the security of data, the confidentiality of information and the availability of IT systems. It also confirms that the security standards are continuously improved and sustainably controlled. (see https://www.hetzner.com/de/assets/downloads/FOX-Certificate.pdf)
- The servers of foreknown are hosted by default in Hetzner's German data centers, unless the customer explicitly requests another location.
Encrypted Data Transmission, Storage, and Backups
- All data of the foreknown app is transmitted between the browser and our servers over a secure, encrypted connection using 128-bit TLS 1.2 or higher.
- Passwords are stored encrypted and as salted hashes produced by a strong hashing algorithm.
- Sensitive documents such as offers, orders and invoices are stored in encrypted form.
- All data of the foreknown app and database is encrypted at rest.
- Our backups are stored encrypted.
Operational Security
- Our servers have been configured and foreknown has been designed to protect against common web attacks.
- We access customer data only when necessary to fulfill our contractual obligations to you. In addition, our employees cannot log into customer accounts through a user interface, and if we need access to resolve an issue, we first obtain consent from the customer in question. Customers are free to withhold that consent. Apart from the raw data in the database, no other user interface to customer data is available to authorized individuals.
- Our systems are kept up to date with the latest software versions and security patches. Our code review process prevents any malicious code from entering the codebase.
General Security
- If you are running on the “Starter Package”, your account runs on a multi-tenant architecture which ensures that any data a user retrieves from the foreknown system belongs to the account of that user.
- If you are running on the “Standard Package”, your account has its own foreknown instance with an individual sub-domain, installed on a dedicated virtual server that is completely separated from all other accounts.
- All passwords are stored encrypted and as salted hashes produced by a strong hashing algorithm.
- All users are requested to use strong passwords.
Permission and Access Control
- It is important that your users can only access the data and functions for which they are authorized. Therefore, different user roles can be assigned to each user, giving users exactly the permissions they need.
- Only users with the role “Permission Administrator” are able to assign roles to users. This role is initially given to the user who ordered the foreknown account. This ensures that even Account Administrators cannot give themselves, e.g., the HR Manager role in order to access employee contracts.
Privacy and GDPR Compliance
- We take data privacy and protection extremely seriously. Please see our Privacy Policy for details on how we comply with data protection laws.