Foxpass Compliance

Foxpass, a Splashtop company, adheres to the highest standards of information security and privacy.

Our solutions are developed and operated within Splashtop’s certified Information Security Management System (ISMS) and audited controls framework, helping customers meet their own compliance requirements across various industries.

Certified under: ISO/IEC 27001:2022 | SOC 2 Type 2
Compliant with: GDPR | CCPA
Supports customer compliance with: ISO/IEC 27001 | SOC 2 | GDPR | HIPAA | CCPA | PCI DSS | FERPA

Foxpass solutions help customers implement identity and access controls, network segmentation, SSH key and privileged access management, detailed logging, and encryption safeguards that align with these regulatory frameworks and zero-trust security principles.

Splashtop is certified to ISO/IEC 27001:2022, the world’s leading standard for information security management systems (ISMS). This certification confirms that Splashtop — and all Foxpass services operated under its ISMS — maintain a comprehensive, independently audited security program covering people, processes, and technology.

Certification Scope: Development, maintenance, and operation of SaaS services including Foxpass Cloud RADIUS, PKI, Cloud LDAP, and SSH Key Management.

The 2022 update to ISO 27001 adds emphasis on cloud service security, threat intelligence, privacy by design, operational resilience, and third-party risk management.

How Foxpass supports your ISO 27001 compliance:
Foxpass helps organizations implement and maintain controls that align with ISO/IEC 27001 Annex A requirements — particularly those related to identity and access management (A.9), privileged access control, network security, and event logging.
By automating user authentication, enforcing least privilege, and maintaining centralized audit trails, Foxpass simplifies ongoing ISMS compliance and audit readiness.

Splashtop has achieved SOC 2 Type 2 compliance, validated by independent auditors under the AICPA Trust Services Criteria for Security, Availability, and Confidentiality.
Foxpass customers benefit from the same rigorously controlled environment for data protection and service reliability.

A public SOC 3 report is available for reference.
Additional SOC 2 documentation available upon NDA and by request.

How Foxpass supports your SOC 2 compliance:
Foxpass helps customers meet key SOC 2 Trust Services Criteria — especially those addressing Access Controls (CC6.x) and System Operations (CC7.x).
Through centralized authentication, detailed access logging, and certificate-based verification, Foxpass enables customers to demonstrate effective access management and monitoring in their own SOC 2 audits.

Foxpass and Splashtop comply with the principles and obligations of the EU GDPR as both Data Controller and Data Processor.

We implement data-protection-by-design practices, limit personal data collection to what’s necessary to service our customers, and secure all data in transit and at rest using strong encryption.

We maintain Data Processing Agreements (DPAs) with sub-processors and support customer requests related to access, correction, and deletion of personal data.

We have formally reviewed our GDPR readiness with a third party professional firm, put in place additional processes, and set up proper communication channels to handle all GDPR related inquiries and tasks both internally and externally.

See the Splashtop Privacy Policy and Corporate Data Processing Agreement for details.

How Foxpass Supports Your GDPR Compliance
Foxpass helps organizations strengthen their compliance with the EU General Data Protection Regulation (GDPR) by enabling key technical and organizational controls around data access, authentication, and security.

Specifically, Foxpass supports GDPR requirements by:

• Enforcing identity- and role-based access controls (Articles 5 & 32):
  Ensures only authorized users and managed devices can access systems that store or process personal data.

• Supporting data protection by design (Article 25):
  Integrates seamlessly with cloud identity providers (Entra ID, Okta, Google Workspace) to enforce least-privilege access and secure network segmentation — reducing data exposure risk.

• Providing detailed logging and auditability (Article 30):
  Maintains comprehensive access logs to support accountability and help demonstrate lawful, secure data processing.

• Protecting data in transit (Article 32):
  Uses certificate-based and encrypted authentication methods (EAP-TLS, LDAPS, HTTPS) to prevent interception of personal data.

• Simplifying compliance evidence:
  Enables IT and security teams to demonstrate access control and security measures during internal audits or regulator reviews.

In compliance with the CCPA, California residents may request access to, deletion of, or opt-out from the sale or sharing of their personal information.

Splashtop — and by extension Foxpass — maintains transparent privacy practices and provides mechanisms to exercise these rights as outlined in our Privacy Policy.

While Splashtop and Foxpass are not Business Associates under HIPAA and do not process patient records, Foxpass supports customers’ HIPAA Security Rule compliance initiatives by:

• Enforcing identity- and certificate-based authentication for network and server access

• Supporting MFA and encryption in transit to protect ePHI

• Managing SSH keys and privileged access to ensure that only authorized administrators can access critical systems

• Centralizing access control and maintaining detailed audit logs

• Simplifying network segmentation through dynamic VLAN assignment, ensuring only authorized users and trusted devices can access sensitive systems

These controls form part of the technical safeguards required under HIPAA, supporting compliance with access management, authentication, and audit requirements.

The Payment Card Industry Data Security Standard (PCI DSS) establishes strict requirements for protecting cardholder data and securing networks that process or transmit payment information.

While Foxpass does not store or process cardholder data, it supports PCI DSS compliance by providing the identity and access controls, audit logging, and network segmentation capabilities required to protect cardholder-data environments (CDEs).

Organizations use Foxpass to:

• Enforce least-privilege, identity-based access to systems handling payment data

• Restrict and monitor administrator access using SSH key and privileged-access management

• Log and audit authentication events for PCI DSS control validation

• Segment networks using RADIUS-based VLAN policies to isolate CDEs from general user traffic

Splashtop partners exclusively with PCI DSS-compliant payment providers for secure transaction processing, ensuring all card data is handled in accordance with PCI requirements.

FERPA protects personally identifiable information (PII) in students’ education records from unauthorized disclosure.

Foxpass helps educational institutions support FERPA compliance by securing network and system access through identity- and certificate-based authentication. By ensuring that only verified users and managed devices can access campus Wi-Fi, servers, and systems, Foxpass strengthens protection of sensitive student and institutional data.

Foxpass does not access or store student records and follows industry best practices for encryption and privacy.

Learn more about Splashtop and FERPA: Splashtop FERPA Info Sheet

Foxpass is backed by Splashtop’s secure cloud infrastructure, incorporating:

• End-to-end encryption and TLS 1.2+ enforcement

• Continuous monitoring and independent vulnerability assessments

• > 99.9% uptime with global redundancy

• Comprehensive audit logging for compliance evidence

For details, visit the Splashtop Security Overview and Technical and Organizational Measures (TOMs).

For compliance documentation, questionnaires, or security inquiries, contact us at sales@splashtop.com or speak with us at Sales - +1.408.886.7177 .