# Security & Privacy

{% hint style="success" %}
This is the official documentation of the `forestadmin/laravel-forestadmin` v2+ and `forestadmin/symfony-forestadmin` PHP agents.
{% endhint %}

## Data Privacy

### Private by design

When logging into the **Forest Admin UI** in your browser, you will connect to:

1. the **Forest Admin servers** to retrieve the **Forest Admin layouts configuration**,
2. the **Agent** to retrieve your **data** and populate the Forest Admin UI with it.

{% hint style="success" %}
As your data is transmitted directly between the Agent hosted on your end and the user's browser, **it never transits through our servers**.
{% endhint %}

![](https://647272774-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABtuALf2WDQ7fxhI0JPa%2Fuploads%2Fgit-blob-a89c389c851b3589e97f5113585e3c0456896089%2Fsecurity-privacy-architecture.png?alt=media)

### No third-party vendor tracking

{% hint style="success" %}
Whatever your project plan (free or paid), Forest Admin guarantees respect for data privacy.
{% endhint %}

In addition, Forest Admin provides an option to completely disable any third-party vendors that could track metadata about your activity that is available from your browser.

{% hint style="info" %}
You need to be on a [Forest Admin Pro plan](https://www.forestadmin.com/pricing) to have access to this feature.
{% endhint %}

![](https://647272774-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABtuALf2WDQ7fxhI0JPa%2Fuploads%2Fgit-blob-c4a220793ddad97134914afd4e8eef39e2a934da%2Fsecurity-privacy-no-3rd-party.png?alt=media)

## Security

### Tokens

Connections to both the **Agent** and the **Forest Admin Servers** are protected using 2 different JSON Web Tokens (JWTs) signed by 2 different keys:

1. `FOREST_ENV_SECRET` to authenticate all requests made to the **Forest Admin Servers**
2. `FOREST_AUTH_SECRET` to authenticate all requests made to the **Agent**

![](https://647272774-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABtuALf2WDQ7fxhI0JPa%2Fuploads%2Fgit-blob-021f9294f4b74977b0b412f410c8e1b8984c94bd%2Fsecurity-privacy-jwt.png?alt=media)

{% hint style="warning" %}
`FOREST_ENV_SECRET` is provided by Forest Admin and ensures your Agent interacts with the relevant environment configuration on Forest Admin servers.

`FOREST_AUTH_SECRET` is chosen freely by you and is unknown to Forest Admin.

Both secrets must never be disclosed to anyone.
{% endhint %}

The JWT Data Token contains all the details of the requesting user. On any authenticated request to your Agent, you can use that information to implement custom behaviors.

```json
{
  "id": "172",
  "email": "angelicabengtsson@doha2019.com",
  "firstName": "Angelica",
  "lastName": "Bengtsson",
  "team": "Pole Vault",
  "role": "Manager",
  "tags": [{ "key": "country", "value": "Sweden" }],
  "renderingId": "4998",
  "iat": 1569913709,
  "exp": 1571123309
}
```
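
The following added example (not the agent's own code) shows why claims such as `role` should be read only after the token's signature and expiry have been verified. It assumes the Data Token is an HS256 JWT signed with `FOREST_AUTH_SECRET` (the algorithm is not stated on this page); the function names, the placeholder secret and the sample tokens are constructed for illustration.

```php
<?php
// JWT segments use unpadded URL-safe base64.
function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string
{
    return (string) base64_decode(strtr($s, '-_', '+/'), true);
}
// Sample-data helper: builds a signed token (assumption: HS256).
function make_token(array $claims, string $secret): string
{
    $body = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.' . b64url_encode(json_encode($claims));
    return $body . '.' . b64url_encode(hash_hmac('sha256', $body, $secret, true));
}
// Returns the claims only if the signature and expiry check out.
function verify_forest_token(string $jwt, string $authSecret, int $now): array
{
    // Missing segments become '' and fail the checks below.
    [$h64, $p64, $s64] = array_pad(explode('.', $jwt, 3), 3, '');
    $header = json_decode(b64url_decode($h64), true);
    // Pin the algorithm instead of trusting the header's choice.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected algorithm');
    }
    $expected = hash_hmac('sha256', "$h64.$p64", $authSecret, true);
    if (!hash_equals($expected, b64url_decode($s64))) { // constant-time compare
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new RuntimeException('expired or missing exp');
    }
    return $claims;
}
// Constructed sample: placeholder secret, claims taken from the payload above.
$secret = 'constructed-placeholder-secret';
$claims = ['id' => '172', 'team' => 'Pole Vault', 'role' => 'Manager', 'iat' => 1569913709, 'exp' => 1571123309];
$good   = make_token($claims, $secret);
[$h, , $s] = explode('.', $good);
$edited = $h . '.' . b64url_encode(json_encode(['role' => 'Admin'] + $claims)) . '.' . $s; // old signature kept
foreach (['valid' => [$good, 1570000000], 'edited role' => [$edited, 1570000000], 'expired' => [$good, 1571123310]] as $label => [$jwt, $at]) {
    try {
        $c = verify_forest_token($jwt, $secret, $at);
        echo "$label: accepted, role={$c['role']}\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the first token is accepted: the one with an edited `role` fails the signature check, and the unmodified token is refused once the clock passes its `exp`.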

### IP Whitelisting

The [IP whitelisting](https://docs.forestadmin.com/user-guide/project-settings/security-tab#ip-whitelisting) feature allows you to create a list of trusted IP addresses or IP ranges from which your admin users can both access the **Forest Admin UI** and interact with your **Agent**.

![](https://647272774-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABtuALf2WDQ7fxhI0JPa%2Fuploads%2Fgit-blob-6a8dc1b740c1d7c2d96da63874e5c1ff05356485%2Fsecurity-privacy-ip-whitelist.png?alt=media)

### DMZ & VPN

You're free to host your **Agent** in whatever cloud architecture you want, so that it complies with your security infrastructure (DMZ, VPN, etc.).

![](https://647272774-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABtuALf2WDQ7fxhI0JPa%2Fuploads%2Fgit-blob-2d1076c9f16fca5172b970e79973964e728b3ab2%2Fsecurity-privacy-dmz-vpn.png?alt=media)

### Credentials

We’re already working with companies compliant with the following Industry Standard Certifications.

![](https://647272774-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABtuALf2WDQ7fxhI0JPa%2Fuploads%2Fgit-blob-2a963971480a67c50e34054812f75448c043567e%2Fsecurity-privacy-credentials.png?alt=media)
