// Trust & Security Report
Forethought AI (now part of Zendesk)
Forethought multi-agent AI platform for customer support: Solve Agent (omnichannel resolution), Triage Agent (ticket classification), Discover Agent (insights), QA Agent, and Agentic AI Copilot across chat, email, voice, Slack, and headless channels.
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.forethought.ai“Compliance: SOC 2 Type II ... Resources: SOC2 Audit Report (available on request via the Trust Center). Security page: 'certified for SOC 2' with annual Type II audits.”
Verify on trust.forethought.ai“Compliance: HIPAA ... Resources include 'HIPAA Audit Report'. FAQ: 'HIPAA Compliant?' Security page: controls aligned with HIPAA requirements.”
Verify on forethought.ai“ISO 27001: 'independently audited and certified to meet compliance standards' (stated on the Security & Compliance page). Note: not surfaced on the Trust Center compliance list, but asserted on forethought.ai/platform/security.”
Verify on trust.forethought.ai“Compliance: 'NIST Cybersecurity Framework' listed under the Trust Center Compliance section.”
Verify on trust.forethought.ai“Compliance: 'GDPR' listed in Trust Center. Security page: 'Data Processing Agreement (DPA) reflects the requirements of the GDPR and CCPA'.”
Verify on trust.forethought.ai“Compliance: 'CCPA COMPLIANT' shown on the Trust Center; DPA reflects CCPA requirements.”
> Show 1 unconfirmed / not-held certifications
source: trust.forethought.aiTrust Center FAQ explicitly lists the question 'FedRAMP compliant?' indicating it is addressed but not held as a certification; no FedRAMP authorization evidence found.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Personal information may be stored and processed in your region or the United States. Post-acquisition data may run on Zendesk AWS infrastructure across countries where Zendesk or its service providers maintain facilities.
Forethought trains models individually per customer on that customer's own past tickets and help-center content ('Trained on Your Data'). It does NOT train shared/foundation models across clients, supporting per-customer data isolation. The product purpose is per-tenant model training, not pooling customer data into a shared model.
// Security controls
Penetration testing
Regular pen tests with trusted security vendors; projects receive security-design reviews and threat models. Pen Test report available on the Trust Center.
forethought.aiBug bounty
Private, invite-only bug bounty program via HackerOne; uninvited reports accepted at security+bbp@forethought.ai.
forethought.aiData redaction
Automatic PII/PHI/financial data redaction on ingestion (best-effort); original sensitive data securely deleted within 24 hours. 300M+ interactions redacted.
forethought.aiAccess controls
Role-based access controls, customer-specific data segmentation, SSO, MFA-enforced remote access, restricted encryption-key access.
trust.forethought.aiResilience
Disaster Recovery test and results, incident response policies, and data center access reviews documented in Trust Center controls.
trust.forethought.ai// Products & data scope
data: Ingests customer tickets and help-center content; processes end-user conversations across chat, email, voice, Slack, headless. Acts as data processor on customer data.
Per-customer model training; PII/PHI redacted by default.
data: Processes inbound ticket content to classify, prioritize, and tag. Pre-built or custom per-customer models.
No cross-customer model sharing.
data: Analyzes aggregate support interactions to surface knowledge gaps and recommendations.
Aggregated insight generation.
data: Scores human agent tickets; processes conversation transcripts.
Operates on customer ticket data as processor.
data: Real-time suggestions inside the helpdesk; reads ticket context.
Embedded in existing helpdesk; no data leaves customer tenant model scope.
// What to watch
- Acquired by Zendesk (2025) — 'Forethought is now part of Zendesk'; data infrastructure and policies are migrating to Zendesk, which may change subprocessor/residency details over time.
- Authoritative policy is forethought.ai/privacy-policy.
- ISO 27001 is asserted on Forethought's Security page but is not listed on the Trust Center compliance panel; SOC 2 Type II, HIPAA, NIST, GDPR, CCPA are consistent across both.
- Most detailed reports (SOC 2, HIPAA, Pen Test, security whitepapers) are gated behind Trust Center 'Request access' rather than public.
// At a glance
Pricing model
Enterprise / sales-led (Request Demo, custom pricing; no public self-serve tier).
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Forethought AI (now part of Zendesk)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.forethought.ai