Security

• All traffic is encrypted via TLS 1.3
• API keys are encrypted at rest using AES-256
• Database access is restricted via row-level security policies
• Secrets and credentials are managed via environment secrets with no plaintext exposure

• Role-based access control for admin and user permissions
• Multi-factor authentication required for infrastructure access
• All admin actions are logged with IP, timestamp, and actor
• Session tokens expire and rotate automatically

• 24/7 automated monitoring for anomalous traffic patterns
• Error tracking and alerting via Sentry
• Rate limiting and abuse detection at the gateway layer
• Incident response documented in our status page

If you discover a security vulnerability in Foxora AI, please contact security@foxora.ai with a clear description of the issue, steps to reproduce, and potential impact. We aim to respond within 48 hours and will credit responsible disclosures. Please do not publicly disclose vulnerabilities before xBesh Labs, LLC has had reasonable time to respond.