Flowtrace is a team collaboration analytics tool that integrates with other communication and collaboration tools such as Slack, Google Workspace, Jira and GitHub, to name a few.
Security of your data
Security of your data is our priority. We continually work to maintain and improve industry-leading security and privacy practices. If you have any specific concerns beyond the scope of this page, please contact us at support@flowtrace.co.
Compliance
Flowtrace conducts an audit annually to maintain all compliance-related standards. To find out more about this and GDPR compliance, please contact us.
Flowtrace infrastructure is provided by Amazon Web Services (AWS). You can read more details relating to AWS security, compliance and privacy here.
Encryption
Encryption at rest
All data is encrypted at rest. This service is provided and managed by AWS DynamoDB.
Encryption in transit and HTTPS
All data you exchange with Flowtrace is transmitted over SSL. Data we collect from 3rd-party services on your behalf is also fetched over SSL (when available).
If you have any concerns about how we connect to a specific data source, please contact us via support@flowtrace.co.
Data Privacy Best Practices
Limit processing to meta-data
We don’t read your email! Wherever possible, we only analyze meta-data about your work – not the content of the work itself. This means, for example, that for a Google Drive file, we store data such as the title and who edited it, but not the content of the file itself. Thus if our systems were ever compromised, your work content would remain secure – as we never store a copy of the work.
The same applies to email and other communication through digital tools: we do not store the contents of any private communication.
Auth0
We use Auth0 to authenticate users to our platform with the highest grade of security and functionality. You can access further security and compliance information from their website. Auth0 provides us with social connections via third-party people directories that you control.
Single-sign-on with Google via Auth0 (SSO)
You can elect to use Google as an authentication provider via Auth0 to ensure your user access is always up to date with your corporate policies.
Single-sign-on with Slack via Auth0 (SSO)
You can elect to use Slack as an authentication provider via Auth0 to ensure your user access is always up to date with your corporate policies.
AWS Cognito and Federated Identities
Access to our platform is secured with AWS Cognito. All traffic to our platform and client information databases requires a user authenticated via Auth0 and federated to AWS Cognito Federated Identity pools. This keeps our security layered, robust and protected by best-in-class authentication mechanisms.
OAuth2
Wherever possible, we use OAuth 2.0 to access data from your integrations – it’s a widely accepted standard flow for securely authorizing third parties such as Flowtrace to access your data in other SaaS tools. Generally, this means that you may revoke our access to your data from those tools at any time.
We don’t store sensitive payment information
We use Stripe for all payments and subscriptions to the Flowtrace platform. Stripe, a certified PCI Level 1 Service Provider, processes the payments you make through Flowtrace. We don’t retain any customer payment information.
Multi-Factor Authentication
Access to our production and development infrastructure is tightly restricted to senior personnel, who must have strong passwords and utilize Multi-Factor Authentication.
Platform-as-a-Service Architecture
Our application is architected to run on top of platform-as-a-service infrastructure. We deploy our application as a small bundle of source code and configuration files into sandboxed containers that are distributed across standardized, hardened virtual machines. The containers and virtual servers are maintained and operated by Amazon Web Services (AWS). This greatly limits potential intrusion points. You aren’t depending on us to keep components such as kernels, web servers, packages, etc. up to date with the latest security patches – trust is provided by AWS.
Separation of Responsibilities
All source code that processes your data is subject to review, requiring sign-off from a platform developer before it can be deployed into our production environment. We operate distinct production, staging, and development stacks of infrastructure, to enable robust testing of our application before it touches your data.
Security, Audits and Testing
Security Testing
The Flowtrace platform undergoes regular security and penetration testing at the application and infrastructure levels.
Enhanced Automated Security Scans
We use automated scanning tools to continually scan our application for potential vulnerabilities.
More information relating to our testing may be obtained via support@flowtrace.co.
Comprehensive Audits
We perform annual internal audits for compliance with our security policies and procedures. These audits drive continuous improvement in our practices.
More Information
If you require any additional information on our data and security practices, please contact us via support@flowtrace.co.
Last updated
25th August 2022