Trust, engineered into the platform.
Falcon is built for organizations that treat security as a product requirement — not a checklist.
Who you are, verified.
Enterprise-grade identity from day one.
Multi-Factor Authentication
TOTP, WebAuthn and passkeys — enforceable at the workspace level.
Single Sign-On (SSO)
SAML 2.0 with Okta, Azure AD, Google Workspace and any SAML IDP.
SCIM Provisioning
Automated user, group and role lifecycle from your identity provider.
Device Fingerprinting
Per-session device profiles for anomaly detection and access decisions.
Session Management
Explicit session lifetimes, idle timeouts and per-workspace policies.
Remote Revocation
Terminate any session, device or key from the admin console in one click.
Your data, your control.
Encrypted, isolated, exportable and deletable — always.
Encryption at Rest
AES-256 for all storage — documents, embeddings, logs and backups.
Encryption in Transit
TLS 1.3 with modern ciphers and HSTS across every endpoint.
Secret Vaults
Isolated, per-tenant vaults for API keys, connector credentials and BYOK material.
Customer Data Controls
Opt-out of training, per-workspace retention and export policies.
Export & Deletion
Self-serve full data export and verifiable deletion on request.
Tenant Isolation
Row-level security, logical isolation and dedicated cloud options.
Defense in depth.
Guardrails at every layer of the stack.
Row Level Security
Every table enforces access at the database layer — defense in depth.
Role-Based Access
Fine-grained roles for users, agents, workflows and APIs.
Immutable Audit
Append-only, tamper-evident logs for every privileged action.
Rate Limiting
Per-user, per-IP and per-key limits with adaptive throttling.
DDoS Protection
Edge-layer mitigation across every region we serve.
Content Filtering
Configurable safety, PII detection and prompt-injection defenses.
Ready for your auditors.
Aligned with the standards your legal and risk teams already require.
GDPR
EU data residency, DPA, and lawful-basis mapping across processing activities.
SOC 2 Type II
Continuous controls monitoring with an active audit program.
ISO 27001
Aligned ISMS with roadmap toward full certification.
HIPAA
BAA available for regulated healthcare workloads.
Privacy Controls
Consent management, data-subject requests and clear processing records.
Retention Policies
Configurable retention for chats, artifacts, embeddings and logs.
Manage AI at scale.
Reviews, monitoring, auditing and policy — visible and enforceable across the org.
Access Reviews
Periodic attestations for privileged roles and sensitive workspaces.
Security Monitoring
SIEM-ready event streams and anomaly detection across the platform.
Usage Auditing
Full traceability from prompt to model, agent, tool and output.
Policy Enforcement
Workspace-level policies for models, connectors, redaction and export.
Workspace Governance
Org-wide guardrails with team-level overrides and inheritance.