Security at Forsyt Energy

We take the security of our platform and your data seriously. Below is a concise summary of our current controls.

• Regions & hosting: AWS EU regions (primary: eu-north-1, optional workloads in eu-west-3). Data residency remains in the EU.
• Encryption: In transit via TLS 1.2+; at rest via AES‑256 (managed keys) for databases, object storage, and backups.
• Access control: SSO/MFA enforced for staff; least‑privilege IAM; access logged and regularly reviewed.
• Backups: Automated encrypted backups with a standard retention of 35 days. Point‑in‑time restore available for primary databases.
• Monitoring & vulnerability management: Dependency updates, container image scans, and runtime alerts on critical services.
• Uptime target: 99.5% for core API during trading days.
• Support window: DA market hours (06:00–20:00 CET) for pilot users; best‑effort outside these hours.
• Incident response: Documented IR procedure with customer notification in accordance with applicable law (e.g., GDPR Articles 33–34).
• Responsible disclosure: Please report suspected vulnerabilities to security@forsytenergy.com. We acknowledge all bona‑fide reports.