How does Recorded Future keep my data secure?
Recorded Future uses a combination of encryption, highly trained staff, and technical safeguards to protect our customers’ data.
Recorded Future’s information security program includes measures such as:
- Encrypted and hashed passwords
- Active DDoS mitigation
- Automated account lockouts
- Extensive facility access controls
- Multi-factor authentication
- Comprehensive threat intelligence program
- Automated security scans of our systems
- Active penetration testing
- Extensive internal security awareness program and training for employees
- Recorded Future Vulnerability Reporting Program
Lastly, Recorded Future has a dedicated product security team that scours our service for potential vulnerabilities, and helps our engineers ship secure code. Our team uses Recorded Future to automatically collect and analyze data from open, technical, and dark web sources to provide the latest information on direct and emerging threats that may impact our company.
How does Recorded Future ensure my privacy?
Does Recorded Future encrypt customer data?
To ensure the security of customer data throughout its lifecycle, Recorded Future encrypts information both at rest and when it is in motion.
Data is stored with Advanced Encryption Standard (AES) 256-bit encryption when at rest.
What customer information does Recorded Future store?
Beyond customer financial information that is securely kept for billing purposes, and user passwords to allow access to the service, Recorded Future stores the following customer data:
- Saved Queries
- User-Generated Analyst Notes
- Lists, including Watch Lists
Recorded Future encrypts and stores this data securely. Recorded Future logs certain user actions. Logs that contain user-provided query data are automatically deleted after 14 days, and all other customer data (including Analyst Notes) is deleted after a subscription is terminated. Moreover, as stated above, Recorded Future has an entire infrastructure in place to ensure that this data cannot be accessed by any unauthorized party.
How does Recorded Future respond to government or law enforcement requests for data?
- Satisfy a valid law enforcement request, or as required by law
- In case of emergency, to protect the property, safety, security, and rights of Recorded Future, its users, or the general public
Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Recorded Future’s policy to respond as narrowly as possible to best protect our customers’ privacy.
Does Recorded Future support single sign-on?
No, Recorded Future does not provide single sign-on (SSO) support at this time, but we are always in the process of expanding our service and may add this feature in the near future.
Does Recorded Future adhere to secure coding guidelines?
Yes, Recorded Future adheres to secure coding guidelines (including OWASP Secure Coding Practices) that address common software development vulnerabilities.