At Fenko Limited, we hold ourselves to high standards of corporate governance, security, and ethical conduct. As a company that builds and secures AI systems, we take these responsibilities seriously.

Corporate Structure

Company Details

  • Company: Fenko Limited
  • Jurisdiction: New Zealand
  • Registered Office: Auckland, New Zealand
  • Operations: Global, with remote-first team structure
  • Services: AI Agent Development, AI Security, Penetration Testing
  • Products: Foxhound, RiskyPlugins.com

Leadership Team

Our leadership team combines expertise in cybersecurity, AI engineering, threat research, and business management to guide Fenko’s strategic direction and operations.

Security Governance

Security-First Culture

Security is embedded in every aspect of our operations:

  • Service Delivery: All engagements follow secure practices and responsible disclosure
  • Data Protection: Comprehensive data security measures following industry best practices
  • Incident Response: Established protocols for security incident management and disclosure
  • Third-Party Security: Rigorous vetting of suppliers and service providers

Risk Management Framework

We maintain a comprehensive risk management programme covering:

  • Operational Risks: Service availability, data integrity, and system performance
  • Security Risks: Threats to our platforms, tools, and client data
  • Compliance Risks: Regulatory obligations across multiple jurisdictions
  • Reputational Risks: Maintaining trust and transparency with stakeholders

Privacy & Data Protection

Privacy by Design

Our approach to privacy protection includes:

  • Minimisation: We collect only data necessary for service provision
  • Transparency: Clear communication about data usage and processing
  • User Control: Tools for users to understand and manage their data
  • Compliance: Adherence to New Zealand Privacy Act 2020 and relevant international standards

Data Governance

  • Data Classification: Structured approach to data sensitivity and handling requirements
  • Retention Policies: Clear guidelines for data lifecycle management
  • Access Controls: Role-based access with principle of least privilege
  • Audit Trails: Comprehensive logging and monitoring of data access

Ethical AI & Analytics

Responsible Development

Our AI agent development and security assessment systems are built with:

  • Fairness: Regular testing for bias and discriminatory outcomes
  • Transparency: Clear documentation of methodologies and limitations
  • Accountability: Human oversight and review mechanisms for automated decisions
  • Continuous Improvement: Ongoing research and validation of our models and tools

Research Ethics

Our security research programme follows established ethical guidelines:

  • Responsible Disclosure: Proper vulnerability reporting and coordination
  • Data Ethics: Appropriate consent and anonymisation in research activities
  • Publication Standards: Responsible sharing of security findings
  • Collaboration: Working with the security community and academic institutions

Regulatory Framework

We operate in compliance with applicable legal requirements and industry best practices:

  • New Zealand Law: Companies Act 1993, Privacy Act 2020, and Consumer Guarantees Act 1993
  • Security Principles: Established information security management principles
  • Data Protection: Appropriate data protection measures, including considerations for international privacy requirements
  • Industry Standards: Best practices from recognised security frameworks and guidelines

Licensing & Legal

  • Intellectual Property: Respect for intellectual property rights in all operations
  • Open Source Compliance: Proper attribution and licensing for open-source components
  • Export Controls: Compliance with applicable technology export regulations
  • Terms of Service: Clear, enforceable agreements with clients and users

Transparency & Reporting

Public Transparency

We’re committed to transparency through:

  • Security Reports: Publications about our security findings and research
  • Vulnerability Disclosure: Open communication about security issues and resolutions
  • Methodology Documentation: Explanations of our assessment approaches
  • Community Engagement: Active participation in security research communities

Stakeholder Communication

  • Client Updates: Regular communications about service improvements and security matters
  • Industry Collaboration: Sharing insights and best practices with the broader security community
  • Regulatory Cooperation: Working constructively with regulatory authorities

Internal Controls & Audits

Financial Controls

  • Accounting Standards: Proper accounting in accordance with New Zealand requirements
  • Financial Review: Internal processes for financial controls and reporting
  • Budget Management: Responsible allocation of resources
  • Tax Compliance: Fulfilment of all applicable tax obligations

Operational Controls

  • Quality Assurance: Continuous monitoring and improvement of service quality
  • Performance Monitoring: Regular assessment of service metrics
  • Change Management: Controlled processes for system updates and changes
  • Business Continuity: Disaster recovery and business continuity planning

Contact for Governance Matters

For questions about our governance practices or ethical standards:

Email: [email protected]

General Inquiries: [email protected]

Strong governance is fundamental to earning and maintaining trust. We continuously improve our practices to meet the highest standards of corporate responsibility and operational excellence.