Security & Trust

Security & Trust at Flowtly

Your trust is our top priority. Flowtly is designed to protect your company’s operational data across every layer — from infrastructure to privacy and application controls.

Talk to our security team

ISO 27001 program

Risk management, policies, and controls aligned to ISO 27001.

SOC 2 Type II controls

Trust Services Criteria mapped with documented evidence and monitoring.

Encryption by default

TLS 1.2+ on every endpoint plus AES-256 encryption for all storage and backups.

No AI training on your data

Customer data is never used to train internal or third-party AI models.

Secure cloud infrastructure

Flowtly inherits the resilience of AWS while adding tenant isolation and global performance safeguards.

AWS-based architecture

The entire platform runs on Amazon Web Services using ISO 27001 and SOC 2 certified data centers and managed services.

CloudFront CDN & DDoS protection

AWS CloudFront delivers content securely worldwide, enforces TLS, and mitigates DDoS attacks at the edge.

Isolated databases per tenant

Every customer receives a logically isolated Amazon RDS database to prevent data overlap or accidental access.

Encryption & data protection

Encryption, secret management, and backups are automated so your data stays protected end to end.

Encryption in transit & at rest

HTTPS with TLS 1.2+ secures all traffic, while AES-256 encrypts databases, file storage, and snapshots.

Secrets & key management

Credentials and API tokens are stored in AWS KMS-backed vaults with automatic rotation and fine-grained access controls.

Resilient backups

Automated, encrypted backups run daily and are tested for rapid restoration and disaster recovery readiness.

Privacy & compliance

We operate with privacy by design and provide the legal safeguards modern teams require.

GDPR aligned

Data access, correction, deletion, and portability workflows are available for every EU-based customer.

Data Processing Agreements

DPAs define responsibilities, breach notification timelines, and transparency for joint incident handling.

ISO 27001 safeguards

Security program structured around ISO 27001 controls and recurring risk assessments.

SOC 2 Type II readiness

Operational controls monitored against SOC 2 Trust Services Criteria with evidence collection.

Data access & retention

You remain the sole owner of your workspace data, and retention is tightly controlled.

Zero data retention after exit

Once a subscription ends, data is scheduled for deletion after a short grace period—no lingering backups.

You own your data

Flowtly never sells or monetizes customer data. Only authorized admins can access it.

Minimal access by Flowtly staff

Support access is restricted to vetted engineers under least-privilege with full activity logs.

Application-level security

Built-in controls keep identities, roles, and activity trails fully governed.

SSO & two-factor authentication

Integrate with standard SSO providers and enforce 2FA to reduce credential-based risks.

Role-based access controls

Assign granular permissions per module, team, or integration to follow the principle of least privilege.

Audit trails & monitoring

All key actions are logged so administrators can review logins, changes, and deletions in context.

landing_security_hero_alt

Flowtly blog

Latest articles and posts on the Flowtly blog

Read the latest posts on the Flowtly blog about business management, HR, projects and finance.

FAQ

Security & compliance FAQ

Answers to the most common questions about encryption, privacy, and data handling in Flowtly.

Can the hosting company access my data?

No. All customer data remains encrypted, so infrastructure providers can’t read it.

Can I count on support during system implementation?

Yes, we offer support for implementing Flowtly. We can also provide advice on selecting and configuring modules based on your company’s specific needs.

Can Flowtly employees see my data?

No. If you ever need assistance, add a Flowtly employee to your workspace temporarily and choose exactly which permissions to grant.

What happens to my company's data if I cancel my subscription?

Depending on your decision, the data can either be deleted or archived in compliance with applicable regulations.

Security & Trust

Get the Flowtly trust kit

Receive our security one-pager, architecture diagrams, and compliance roadmap to share with stakeholders.

Request the trust kit
Whatsapp