Security

Customer trust and data security are critical to everything we do at Forest.

Product Security

  • key.svg
    SSOSingle Sign-On (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials
  • user-lock.svg
    PermissionsWe enable permission levels within the app to be set for your employees. Permissions can be set to include app settings, billing, user data, or the ability to send or edit messages.
  • fingerprint.svg
    Password and Credential StorageForest enforces a password complexity standard and credentials are stored using a PBKDF function (bcrypt).
  • heart-pulse.svg
    UptimeWe strive to maintain an uptime of 99.8% or higher.
  • man, profile, account, user, privacy, lock, security, protection, username, password, login.svg

    Network and Application Security

  • database.svg
    Data Hosting and StorageForest services and data are hosted in Amazon Web Services (AWS) facilities (us-east-2) in the USA.
  • file-export.svg
    Failover and DRForest was built with disaster recovery in mind and regularly tests disaster recovery processes.
  • backward-step.svg
    Backups and MonitoringOn an application level, we produce audit logs for all activity, ship logs to Papertrail for analysis and use S3 for archival purposes. All actions taken on production consoles or in the Forest application are logged.
  • user-lock.svg
    Permissions and AuthenticationAccess to customer data is limited to authorized employees who require it for their job. Forest is served 100% over https. Forest runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Forest's network. We use 2-factor authentication (2FA) and strong password policies on all our accounts to ensure access to cloud services are protected.
  • handshake-simple.svg
    EncryptionAll data sent to or from Forest is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only.
  • user-secret.svg
    Pentests and Vulnerability ScanningForest uses third party security tools to continuously scan for vulnerabilities. Twice yearly we engage third-party security experts to perform detailed penetration tests on the Forest application and infrastructure.
  • envelopes-bulk.svg
    Incident ResponseForest implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.
  • woman, server, rack, network, cloud, storage, transfer, download, upload.svg

    Additional Security Features

  • book.svg
    TrainingAll employees complete Security and Awareness training annually.
  • clipboard-check.svg
    PoliciesForest has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
  • user-shield.svg
    Employee VettingForest performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
  • eye-low-vision.svg
    ConfidentialityAll employee contracts include a confidentiality agreement.
  • money-check.svg
    PCI ObligationsAll payments made to Forest go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
  • woman, man, lighthouse, navigation, compass, direction, travel, map.svg

    Security questions?

    If you have additional questions or think you may have found a security vulnerability, please get in touch with our security team.

    Cookie Settings
    This website uses cookies

    Cookie Settings

    We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

    These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

    These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

    These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

    These cookies help us to better deliver marketing content and customized ads.