Flow raises $23M Series A from

Sequoia

Read More

Flow raises $23M Series A from

Sequoia

Read More

Enterprise grade security with secure AI

Built for Regulated Engineering

Flow is built for defense, aerospace, energy, and other highly regulated industries. It supports ITAR and export controls, offers data residency and sovereignty, and can be deployed as SaaS, GovCloud, or self-hosted—enabling secure collaboration across mechanical, electrical, and software teams.

ITAR and CUI compliant

Flow aligns with the certifications and frameworks modern hardware teams rely on, including ITAR, EAR, NIST 800-171, CUI, SOC 2 Type II, ISO 27001, GDPR, and CCPA.

ITAR
GDPR compliant
SOC2 compliant
Private and Secure AI by Design

Flow keeps your data inside your environment. All AI processing runs within controlled boundaries that protect your proprietary IP and meet strict security needs. You get clear visibility into suggestions and accepted changes, plus a full audit trail for every AI action. All AI runs with private inference, and no data is ever used for model training.

Enterprise grade security with secure AI

Built for Regulated Engineering

Flow is built for defense, aerospace, energy, and other highly regulated industries. It supports ITAR and export controls, offers data residency and sovereignty, and can be deployed as SaaS, GovCloud, or self-hosted—enabling secure collaboration across mechanical, electrical, and software teams.

ITAR and CUI compliant

Flow aligns with the certifications and frameworks modern hardware teams rely on, including ITAR, EAR, NIST 800-171, CUI, SOC 2 Type II, ISO 27001, GDPR, and CCPA.

ITAR
GDPR compliant
SOC2 compliant
Private and Secure AI by Design

Flow keeps your data inside your environment. All AI processing runs within controlled boundaries that protect your proprietary IP and meet strict security needs. You get clear visibility into suggestions and accepted changes, plus a full audit trail for every AI action. All AI runs with private inference, and no data is ever used for model training.

Enterprise grade security with secure AI

Built for Regulated Engineering

Flow is built for defense, aerospace, energy, and other highly regulated industries. It supports ITAR and export controls, offers data residency and sovereignty, and can be deployed as SaaS, GovCloud, or self-hosted—enabling secure collaboration across mechanical, electrical, and software teams.

ITAR and CUI compliant

Flow aligns with the certifications and frameworks modern hardware teams rely on, including ITAR, EAR, NIST 800-171, CUI, SOC 2 Type II, ISO 27001, GDPR, and CCPA.

ITAR
GDPR compliant
SOC2 compliant
Private and Secure AI by Design

Flow keeps your data inside your environment. All AI processing runs within controlled boundaries that protect your proprietary IP and meet strict security needs. You get clear visibility into suggestions and accepted changes, plus a full audit trail for every AI action. All AI runs with private inference, and no data is ever used for model training.

Meet your IT and Compliance needs effortlessly

Enterprise Grade Encryption
Enterprise Grade Encryption
Enterprise Grade Encryption

Decryption keys in NIST FIPS 140-2 validated hardware security modules. Data at rest encrypted using AES-256 algorithms. Data in transit encrypted using RSA-2048 asymmetric algorithms.

ITAR and EAR Compliance
ITAR and EAR Compliance
ITAR and EAR Compliance

AWS GovCloud and specialised geographically restricted servers with exclusive access to US nationals are available to meet export controls such as ITAR and EAR

Compliance Documentation Available
Compliance Documentation Available
Compliance Documentation Available

Security documentation available to meet compliance audit needs, including: Information Security Policy, Access Control Policy, Cryptography Policy, Technology Control Plan, US Export Controls Compliance Policy, US Data Security Compliance Policy.

Strict Access Control
Strict Access Control
Strict Access Control

Our identity and access management system is compliant to PCI DSS, SOC, ISO/IEC 27001/27017/27018, and ISO 9001.

Backup and Recovery
Backup and Recovery
Backup and Recovery

All customer data is backed up and encrypted on a daily basis and can be restored from up to 30 days in the past.

We offer three deployment options to cater to your specific requirements

Compliant Cloud SaaS
Compliant Cloud SaaS
Compliant Cloud SaaS

Convenience & Security

Get started now →

AWS GovCloud SaaS
AWS GovCloud SaaS
AWS GovCloud SaaS

Built for ITAR and EAR

Book a demo →

Self-hosted Software
Self-hosted Software
Self-hosted Software

Straightforward Control

Book a demo →

FAQs

Can I store ITAR data on Flow?

Can I store ITAR data on Flow?

Yes, you can store both ITAR and EAR regulated data on Flow

If you wish to host export-restricted 'technical data' within Flow, we host servers in the US with access restricted to US nationals. None of this data leaves US territory and is encrypted to FIPS 140-2 standards as stipulated in ITAR § 120.54 (a)(5)(iii).

Flow itself does not include EAR-controlled 'technology' or 'software', or ITAR-controlled 'technical data'.

Yes, you can store both ITAR and EAR regulated data on Flow

If you wish to host export-restricted 'technical data' within Flow, we host servers in the US with access restricted to US nationals. None of this data leaves US territory and is encrypted to FIPS 140-2 standards as stipulated in ITAR § 120.54 (a)(5)(iii).

Flow itself does not include EAR-controlled 'technology' or 'software', or ITAR-controlled 'technical data'.

Can I store ITAR data on Flow?
Can I store ITAR data on Flow?
a group of cubes that are on a black surface
a group of cubes that are on a black surface

Where is customer data hosted?

Where is customer data hosted?

We currently have active servers in the US and the UK. We can also host a server in other specific geographies for compliance needs whilst retaining the ease of access given by the SaaS-nature of the platform. If you want to host your own instance, we also support deployments to your own cloud infrastructure.

Furthermore we can offer servers with restricted access to specific country nationals for export restriction purposes.

We currently have active servers in the US and the UK. We can also host a server in other specific geographies for compliance needs whilst retaining the ease of access given by the SaaS-nature of the platform. If you want to host your own instance, we also support deployments to your own cloud infrastructure.

Furthermore we can offer servers with restricted access to specific country nationals for export restriction purposes.

Who can see my technical data?

Who can see my technical data?

Your data can only be accessed and controlled by you unless you explicitly share it wider. Our team only gathers the analytics data required to run our services and ensure platform reliability, and access is permitted only where explicitly required. If you require detailed support, we can provide a named contact, and all discussions can be under an NDA. Only US and UK Persons are granted access to our US and UK production systems respectively.

For more detail our Privacy and Cookies Policy contains data management and retention policies.

Your data can only be accessed and controlled by you unless you explicitly share it wider. Our team only gathers the analytics data required to run our services and ensure platform reliability, and access is permitted only where explicitly required. If you require detailed support, we can provide a named contact, and all discussions can be under an NDA. Only US and UK Persons are granted access to our US and UK production systems respectively.

For more detail our Privacy and Cookies Policy contains data management and retention policies.

black and gray control panel
black and gray control panel