Security & Data Handling

FoundryOps is local‑first by design. The CLI runs on your machine, uses your credentials, and executes directly against your GTM systems. We minimize data collection and default to safety gates (dry‑run, approvals, receipts) so you can adopt quickly without risk.

Security at a Glance

Local execution: The CLI runs on your laptop or your environment — not on our servers.
BYO credentials: You use your own CRM/AI/provider keys and OAuth apps.
No data ingestion: We do not store your CRM data in our database.
Keys stay local: Credentials are stored in OS keychain or environment variables.
Dry‑run by default: Most actions preview changes before any write.
Approval gates: High‑impact actions require explicit apply/yes confirmation.
Receipts & diffs: Before/after artifacts provide an audit trail of changes.
Least privilege: Use the minimum scopes you need — we support scoped OAuth flows.
Optional support telemetry: Support tickets can include context only when you submit them.
SOC 2 roadmap: Security controls are being formalized toward SOC 2 compliance.

FAQ

Do you store our CRM data?

No. FoundryOps runs locally and executes actions directly against your systems using your credentials. We do not ingest or store your CRM data in our backend.

Where are credentials stored?

Credentials are stored locally in your OS keychain or environment variables. We do not store your keys server‑side.

Does FoundryOps phone home?

The CLI does not stream your CRM data to FoundryOps. The only outbound calls are to your configured providers (CRM, enrichment, sequencing, etc.) and optional support submissions you initiate.

Can we run in a locked‑down environment?

Yes. We can help you configure network allowlists, proxy settings, and scoped OAuth apps for enterprise environments.

Do you have SOC 2?

SOC 2 is in progress. We can share our security roadmap and controls upon request.

Who do we contact for security review?

Email [email protected] and we'll respond quickly with the details your team needs.