FoCoCo treats security and privacy as core product requirements. This Statement summarizes our approach; it does not guarantee that any online service is immune from every risk.
1. Security principles
- Collect only data reasonably needed for the service.
- Use secure cloud providers and safeguards appropriate to the sensitivity and risks of the data.
- Limit production access to authorized people and systems with a legitimate need.
- Design for confidentiality, integrity, availability and recoverability.
- Review security as features, providers and risks change.
2. Technical and organizational measures
- Encryption in transit using current transport security.
- Protected cloud storage and provider-managed encryption at rest where supported.
- Secure authentication, password hashing and account-recovery controls.
- Role-based access, least-privilege principles and administrative logging.
- Secrets and API-key controls, environment separation and restricted production access.
- Monitoring, backups, vulnerability management and incident-response procedures.
3. AI, voice and location security
- Only the information reasonably needed for an AI request is sent to the relevant provider.
- Raw voice is retained only as long as needed for processing unless deliberately saved or preserved for a documented reason.
- Location access is permission-based and limited to location-enabled product functions.
- FoCoCo does not use microphone or location data for advertising.
4. Service providers
Providers are assessed according to their role and risk. Where required, FoCoCo uses data-processing agreements, confidentiality duties, transfer safeguards and security commitments.
5. Incidents
FoCoCo maintains procedures to investigate, contain and remediate suspected incidents. Where a personal-data breach creates a legal notification duty, FoCoCo will notify the competent authority and affected users within the applicable timeframe.
6. Your role
- Use a unique password and protect your email account.
- Do not share verification codes or account access.
- Keep devices and operating systems updated.
- Report suspected unauthorized access promptly to security@fococo.ai or support@fococo.ai.
7. Responsible disclosure
Security researchers should report suspected vulnerabilities privately to security@fococo.ai and avoid accessing, changing or retaining another person’s data. FoCoCo will acknowledge and investigate good-faith reports.