Security at Fortworx
Overview
Our mission at Fortworx is to make the internet safer by making it easier to report and fix security vulnerabilities. We take security very seriously and are committed to providing a secure platform for our users.
Report Processing
Web Form
Security vulnerability reports can be sent via email or web forms to Fortworx. The web-based reporting form is hosted on Fortworx servers and is only accessible on the fortworx.com domain.
All emails sent to your workspace email address are transmitted with rotating encryption keys. Once received, they are scanned for malware, phishing scams, and spam. The email and its attachments are then stored with rotating encryption keys in our storage.
Our servers retrieve the emails from the storage and analyze them using AI language models. The reports are then generated and stored in our database. The contents of the emails are then re-encrypted and stored on our servers until the report is deleted.
Access Control
Access to your workspace is controlled by the workspace Owner. The Owner can invite other users to the workspace and assign them roles. Fortworx supports three active roles:
- Owner — Full access, including billing and workspace deletion. Automatically assigned to the workspace creator.
- Admin — Can manage settings, invite members, and perform all report actions.
- Member — Can view and work on reports.
See Roles and Permissions for details.
Compliance
Every email, response, and action is tracked with a full audit trail. Fortworx is designed to support compliance with:
- GDPR
- PCI DSS
- HIPAA
- ISO 27001
- SOC2
- CCPA
Data Retention
- Free plan: 90 days retention
- Business plan: 10 years retention
See Manage Subscription for plan details.
Reporting Security Vulnerabilities
To report any security vulnerabilities related to Fortworx, please email security@fortworx.com.