Security - Flow Engineering

SOC2

GDPR

ITAR

Meet your IT and Compliance needs effortlessly

Enterprise Grade Encryption

Decryption keys in NIST FIPS 140-2 validated hardware security modules. Data at rest encrypted using AES-256 algorithms. Data in transit encrypted using RSA-2048 asymmetric algorithms.

ITAR and EAR Compliance

AWS GovCloud and specialised geographically restricted servers with exclusive access to US nationals are available to meet export controls such as ITAR and EAR

Compliance Documentation Available

Security documentation available to meet compliance audit needs, including: Information Security Policy, Access Control Policy, Cryptography Policy, Technology Control Plan, US Export Controls Compliance Policy, US Data Security Compliance Policy.

Strict Access Control

Our identity and access management system is compliant to PCI DSS, SOC, ISO/IEC 27001/27017/27018, and ISO 9001.

Backup and Recovery

All customer data is backed up and encrypted on a daily basis and can be restored from up to 30 days in the past.

We offer three deployment options to cater to your specific requirements

Compliant Cloud SaaS

Convenience & Security

Get started now →

AWS GovCloud SaaS

Built for ITAR and EAR

Book a demo →

Self-hosted Software

Straightforward Control

Book a demo →

FAQs

Can I store ITAR data on Flow?

Yes, you can store both ITAR and EAR regulated data on Flow

If you wish to host export-restricted 'technical data' within Flow, we host servers in the US with access restricted to US nationals. None of this data leaves US territory and is encrypted to FIPS 140-2 standards as stipulated in ITAR § 120.54 (a)(5)(iii).

Flow itself does not include EAR-controlled 'technology' or 'software', or ITAR-controlled 'technical data'.

Yes, you can store both ITAR and EAR regulated data on Flow

Flow itself does not include EAR-controlled 'technology' or 'software', or ITAR-controlled 'technical data'.

Where is customer data hosted?

We currently have active servers in the US and the UK. We can also host a server in other specific geographies for compliance needs whilst retaining the ease of access given by the SaaS-nature of the platform. If you want to host your own instance, we also support deployments to your own cloud infrastructure.

Furthermore we can offer servers with restricted access to specific country nationals for export restriction purposes.

Who can see my technical data?

Your data can only be accessed and controlled by you unless you explicitly share it wider. Our team only gathers the analytics data required to run our services and ensure platform reliability, and access is permitted only where explicitly required. If you require detailed support, we can provide a named contact, and all discussions can be under an NDA. Only US and UK Persons are granted access to our US and UK production systems respectively.

For more detail our Privacy and Cookies Policy contains data management and retention policies.