// Trust & Security Report

    Forethought AI (now part of Zendesk) logo

    Forethought AI (now part of Zendesk)

    Forethought multi-agent AI platform for customer support: Solve Agent (omnichannel resolution), Triage Agent (ticket classification), Discover Agent (insights), QA Agent, and Agentic AI Copilot across chat, email, voice, Slack, and headless channels.

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Compliance: SOC 2 Type II ... Resources: SOC2 Audit Report (available on request via the Trust Center). Security page: 'certified for SOC 2' with annual Type II audits.

    Verify on trust.forethought.ai
    HIPAA
    HELD

    Compliance: HIPAA ... Resources include 'HIPAA Audit Report'. FAQ: 'HIPAA Compliant?' Security page: controls aligned with HIPAA requirements.

    Verify on trust.forethought.ai
    ISO 27001
    HELD

    ISO 27001: 'independently audited and certified to meet compliance standards' (stated on the Security & Compliance page). Note: not surfaced on the Trust Center compliance list, but asserted on forethought.ai/platform/security.

    Verify on forethought.ai
    NIST Cybersecurity Framework
    HELD

    Compliance: 'NIST Cybersecurity Framework' listed under the Trust Center Compliance section.

    Verify on trust.forethought.ai
    GDPR
    HELD

    Compliance: 'GDPR' listed in Trust Center. Security page: 'Data Processing Agreement (DPA) reflects the requirements of the GDPR and CCPA'.

    Verify on trust.forethought.ai
    CCPA
    HELD

    Compliance: 'CCPA COMPLIANT' shown on the Trust Center; DPA reflects CCPA requirements.

    Verify on trust.forethought.ai
    > Show 1 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    Trust Center FAQ explicitly lists the question 'FedRAMP compliant?' indicating it is addressed but not held as a certification; no FedRAMP authorization evidence found.

    source: trust.forethought.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Personal information may be stored and processed in your region or the United States. Post-acquisition data may run on Zendesk AWS infrastructure across countries where Zendesk or its service providers maintain facilities.

    Forethought trains models individually per customer on that customer's own past tickets and help-center content ('Trained on Your Data'). It does NOT train shared/foundation models across clients, supporting per-customer data isolation. The product purpose is per-tenant model training, not pooling customer data into a shared model.

    // Security controls

    Encryption

    Data encrypted at rest; TLS in transit.

    forethought.ai

    Penetration testing

    Regular pen tests with trusted security vendors; projects receive security-design reviews and threat models. Pen Test report available on the Trust Center.

    forethought.ai

    Bug bounty

    Private, invite-only bug bounty program via HackerOne; uninvited reports accepted at security+bbp@forethought.ai.

    forethought.ai

    Data redaction

    Automatic PII/PHI/financial data redaction on ingestion (best-effort); original sensitive data securely deleted within 24 hours. 300M+ interactions redacted.

    forethought.ai

    Access controls

    Role-based access controls, customer-specific data segmentation, SSO, MFA-enforced remote access, restricted encryption-key access.

    trust.forethought.ai

    Secret management

    Production secrets managed with AWS tooling.

    forethought.ai

    Resilience

    Disaster Recovery test and results, incident response policies, and data center access reviews documented in Trust Center controls.

    trust.forethought.ai

    // Products & data scope

    Solve Agent (Omnichannel AI Agent)AI customer support agent

    data: Ingests customer tickets and help-center content; processes end-user conversations across chat, email, voice, Slack, headless. Acts as data processor on customer data.

    Per-customer model training; PII/PHI redacted by default.

    Triage AgentTicket classification / routing

    data: Processes inbound ticket content to classify, prioritize, and tag. Pre-built or custom per-customer models.

    No cross-customer model sharing.

    Discover AgentSupport analytics / insights

    data: Analyzes aggregate support interactions to surface knowledge gaps and recommendations.

    Aggregated insight generation.

    QA AgentAgent quality assurance

    data: Scores human agent tickets; processes conversation transcripts.

    Operates on customer ticket data as processor.

    Agentic AI CopilotAgent assist

    data: Real-time suggestions inside the helpdesk; reads ticket context.

    Embedded in existing helpdesk; no data leaves customer tenant model scope.

    // What to watch

    • Acquired by Zendesk (2025) — 'Forethought is now part of Zendesk'; data infrastructure and policies are migrating to Zendesk, which may change subprocessor/residency details over time.
    • Authoritative policy is forethought.ai/privacy-policy.
    • ISO 27001 is asserted on Forethought's Security page but is not listed on the Trust Center compliance panel; SOC 2 Type II, HIPAA, NIST, GDPR, CCPA are consistent across both.
    • Most detailed reports (SOC 2, HIPAA, Pen Test, security whitepapers) are gated behind Trust Center 'Request access' rather than public.

    // At a glance

    Pricing model

    Enterprise / sales-led (Request Demo, custom pricing; no public self-serve tier).

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Forethought AI (now part of Zendesk)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.forethought.ai

    > Browse all vendor trust reports