We use cookies to ensure you get the best experience. Learn more.

Meet your IT and Compliance needs effortlessly

Enterprise Grade Encryption
Enterprise Grade Encryption
Decryption keys in NIST FIPS 140-2 validated hardware security modules. Data at rest encrypted using AES-256 algorithms. Data in transit encrypted using RSA-2048 asymmetric algorithms.
ITAR and EAR Compliance
ITAR and EAR Compliance
AWS GovCloud and specialised geographically restricted servers with exclusive access to US nationals are available to meet export controls such as ITAR and EAR
Compliance Documentation Available
Compliance Documentation Available
Security documentation available to meet compliance audit needs, including: Information Security Policy, Access Control Policy, Cryptography Policy, Technology Control Plan, US Export Controls Compliance Policy, US Data Security Compliance Policy.
Strict Access Control
Strict Access Control
Our identity and access management system is compliant to PCI DSS, SOC, ISO/IEC 27001/27017/27018, and ISO 9001.
Backup and Recovery
Backup and Recovery
All customer data is backed up and encrypted on a daily basis and can be restored from up to 30 days in the past.

We offer three deployment options to cater to your specific requirements

Compliant Cloud SaaS
Compliant Cloud SaaS
Convenience & Security
Get started now
AWS GovCloud SaaS
AWS GovCloud SaaS
Built for ITAR and EAR
Book a demo
Self-hosted Software
Self-hosted Software
Straightforward Control
Book a demo

FAQs

Can I store ITAR data on Flow?

Yes, you can store both ITAR and EAR regulated data on Flow

If you wish to host export-restricted 'technical data' within Flow, we host servers in the US with access restricted to US nationals. None of this data leaves US territory and is encrypted to FIPS 140-2 standards as stipulated in ITAR § 120.54 (a)(5)(iii).

Flow itself does not include EAR-controlled 'technology' or 'software', or ITAR-controlled 'technical data'.

Can I store ITAR data on Flow?

Where is customer data hosted?

We currently have active servers in the US and the UK. We can also host a server in other specific geographies for compliance needs whilst retaining the ease of access given by the SaaS-nature of the platform. If you want to host your own instance, we also support on-premise deployments.

Furthermore we can offer servers with restricted access to specific country nationals for export restriction purposes.

Where is customer data hosted?

Who can see my technical data?

Your data can only be accessed and controlled by you unless you explicitly share it wider. Our team only gathers the analytics data required to run our services and ensure platform reliability, and access is permitted only where explicitly required. If you require detailed support, we can provide a named contact, and all discussions can be under an NDA. Only US and UK Persons are granted access to our US and UK production systems respectively.

For more detail our Privacy and Cookies Policy contains data management and retention policies.

Who can see my technical data?

© Copyright 2023 TRC Space Ltd.

All rights reserved.

Providing new-age engineering companies with a requirements tool that is built specifically for their needs and allows them to focus on engineering ground breaking products.