Flowshark

Security

Your client data, proposals, and revenue records protected end-to-end.

Encryption

All data in transit is encrypted with TLS 1.2+ using modern cipher suites. Data at rest in our managed Postgres cluster is encrypted with AES-256. OAuth refresh tokens, SMTP passwords, and API secrets are encrypted with per-tenant keys before storage.

Authentication & Access

  • Email + password login.
  • Tenant-scoped row-level security at the database layer.
  • Role-based access control (RBAC) on Pro and above.
  • SAML/OIDC SSO and SCIM provisioning on the Enterprise roadmap.
  • Session tokens are JWT-signed and short-lived; refresh tokens are rotated.

Audit Logs

Every meaningful action — proposal sent, deal stage changed, settings updated, AI zone regenerated — writes an immutable audit-log entry. Free plans retain 7 days; Pro 90 days; Business 365 days; Enterprise unlimited with export to S3.

AI Data Handling

Tenant data sent to LLM providers (Anthropic, OpenAI) is processed under no-training agreements. Prompts and completions are not used to train foundation models. We do not retain prompts beyond the immediate request lifecycle except where required for caching or audit.

Infrastructure

  • Hosted on managed cloud infrastructure with isolated tenants.
  • Daily encrypted backups with point-in-time recovery.
  • Vulnerability scanning on every deploy; dependencies patched promptly after CVE disclosure.

Compliance

  • GDPR-aligned data processing; DPA available on request.
  • SOC 2 Type II audit on the roadmap.
  • HIPAA BAA, regional data residency, and uptime SLA available on Enterprise contracts — talk to us.

Responsible Disclosure

Found a vulnerability? Email security@flowshark.ai. We respond within 48 hours and credit responsible reporters in our hall of fame.

Questions about this page?

Reach the team — we reply fast.

hello@flowshark.ai