FAQ (GRC)

Data Privacy

Does Recorded Future comply with the EU GDPR?

Yes. Recorded Future has undergone several assessments related to the GDPR, and worked with privacy experts to ensure compliance with the regulations. Recorded Future is a member of the EU-US Privacy Shield Framework offered by the US Department of Commerce, and more information can be found in our Privacy Policy.

Does Recorded Future incorporate ‘privacy-by-design’ principles?

Yes. Recorded Future incorporates ‘privacy-by-design’ across its Research & Development, Engineering, Product, and other teams to ensure the foundational principles are followed by default. These teams are actively trained in both security and privacy best practices.

Recorded Future has also appointed a Data Protection Officer, and actively uses cross-functional teams to perform regular privacy impact assessments, to ensure privacy-by-design is implemented across our services.

Furthermore, Recorded Future strictly adheres to a data minimization policy by which logs are automatically deleted after 14 days (see Recorded Future’s privacy policy for more information).

Ethics and Compliance

Does Recorded Future currently maintain policies designed to comply with applicable anti-money laundering, foreign bribery and corruption, and other fraud-related laws?

Yes. Recorded Future strives to build and maintain a work environment that upholds the highest standards of business behavior. To ensure that these standards are met, Recorded Future maintains both policies and compliance infrastructure addressing the following areas – anti-money laundering; US and international anti-bribery and corruption; and fair competition and antitrust.

Does Recorded Future currently maintain policies regarding export and trade sanctions compliance?

Yes. Recorded Future’s policy is to export or re-export in strict compliance with U.S. or other applicable laws and regulations.

Specifically, Recorded Future will not export or re-export to Cuba, Iran, North Korea, Sudan, Syria, the Crimea region of Ukraine, or to any other country or region subject to trade sanctions. Additionally, Recorded Future will halt distribution and further investigate any suspected military end-use with sanctioned entities in China, Venezuela, or Russia. Similarly, export or re-export will be prohibited if it involves any person or entity named on applicable sanction lists published by the U.S. government (including the U.S. Department of Commerce, Department of State, or Department of Treasury), in addition to lists published by the authorities in certain foreign jurisdictions.

Recorded Future’s export control classifications by the U.S. Bureau of Industry and Security (Department of Commerce) can be found below:

FAQ GRC

FAQ GRC

Business Governance

Does Recorded Future have a Code of Conduct?

Yes, Recorded Future strives to build and maintain a work environment that upholds the highest standards of business behavior. Our company values individuals who are ethical, and share the dedication & passion that will build on Recorded Future’s continued success. The Code of Conduct affirms our commitment to these high standards.

Does Recorded Future maintain adequate insurance?

Yes, Recorded Future maintains insurance with companies carrying a rating of A- VII or better by the A.M. Best Company to cover numerous types of insurance including commercial general liability.

Does Recorded Future comply with the UK Modern Slavery Act?

Yes, Recorded Future is committed to ensuring that no form of modern slavery or human trafficking plays any part in our business or supply chain. We strive to build and maintain a work environment that upholds the highest standards of business behavior. You can find Recorded Future’s Modern Slavery Act statement here.