Flowtrace is a team collaboration analytics tool which integrates with other communication and collaboration tools such as Slack, Google Workspace, Jira and GitHub to name a few.
Security of your data
Security of your data is our priority. We continually work to maintain and improve industry-leading security and privacy practices. If you have any specific concerns beyond the scope of this page, please contact us at firstname.lastname@example.org
Flowtrace conducts an audit annually to maintain all compliance-related standards. To find out more about this and GDPR compliance, please contact us via email@example.com
Encryption at-rest. All data is encrypted at rest. This service is provided and managed by AWS DynamoDB.
HTTPS. All data you exchange with Flowtrace is transmitted over SSL. Data we collect from 3rd-party services on your behalf is also fetched over SSL (when available). If you have any concern about how we connect to a specific data source, please contact us via firstname.lastname@example.org
Security and Testing
Security Testing. The Flowtrace platform undergoes regular security and penetration testing at the application and infrastructure levels. More information relating to our testing may be obtained via email@example.com.
Enhanced Automated Security Scans. We use automated scanning tools to continually scan our application and infrastructure for potential vulnerabilities.
Data Privacy Best Practices
Limit processing to meta-data. We don’t read your email! Wherever possible, we only analyze meta-data about your work – not the content of the work itself. This means, for example, that for a Google Drive file, we store data such as the title and who edited it, but not the content of the file itself. Thus if our systems were ever compromised, your work content would remain secure – as we never store a copy of the work.
The same applies to email and other communication through digital tools: we do not store the contents of any private communication.
Single-sign-on with Google (SSO). We use 3rd party corporate user directories and integrations to create your account and authenticate your employees.
AWS Cognito. You may also create your account and authenticate additional users by manually entering a username (email address) and password. To ensure security and the highest level of compliance, we use AWS Cognito to manage and store your credentials.
OAuth 2. Wherever possible, we use OAuth 2.0 to access data from your integrations – it’s a widely accepted standard flow for securely authorizing third parties such as Flowtrace to access your data in other SaaS tools. Generally, this means that you may revoke our access to your data from those tools at any time.
We don’t store sensitive payment information. We use Stripe for all payments and subscriptions to the Flowtrace platform. Stripe, a certified PCI Level 1 Service Provider, processes the payments you make through Flowtrace. We don’t retain any customer payment information.
Multi-Factor Authentication. Access to our production and development infrastructure is tightly restricted to senior personnel, who must have strong passwords and utilize Multi-Factor Authentication.
Platform-as-a-Service Architecture. Our application is architected to run on top of platform-as-a-service infrastructure. We deploy our application as a small bundle of source code and configuration files into sandboxed containers that are distributed across standardized, hardened virtual machines. The containers and virtual servers are maintained and operated by Amazon Web Services (AWS). This greatly limits potential intrusion points. You aren’t depending on us to keep components such as kernels, web servers, packages, etc. up to date with the latest security patches – trust is provided by AWS.
Separation of Responsibilities. All source code that processes your data is subject to review, requiring sign-off from a platform developer before it can be deployed into our production environment. We operate distinct production, staging, and development stacks of infrastructure, to enable robust testing of our application before it touches your data.
Comprehensive Audits. We perform annual internal audits for compliance with our security policies and procedures. These audits drive continuous improvement in our practices.
If you require any additional information on our data and security practices, please contact us via firstname.lastname@example.org
10th October 2021