Security

Last Updated: November 7, 2025

Our Commitment to Security

At FlowClose, we take data security seriously. We implement industry-standard security measures to protect your information and ensure the integrity of our platform.

Data Protection Measures

Encryption

• Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (Transport Layer Security)
• Data at Rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms
• API Communications: All API endpoints use HTTPS and require authentication

Access Controls

• Authentication: Multi-factor authentication (MFA) available for all user accounts
• Authorization: Role-based access control (RBAC) ensures users only access data they're authorized to view
• Password Security: Passwords are hashed using bcrypt with salt
• Session Management: Secure session tokens with automatic expiration

Infrastructure Security

• Cloud Hosting: Our platform is hosted on secure, SOC 2 compliant cloud infrastructure
• Firewalls: Network-level firewalls protect against unauthorized access
• DDoS Protection: Distributed denial-of-service attack mitigation
• Regular Backups: Automated daily backups with disaster recovery procedures

Application Security

Secure Development Practices

• Code reviews and security audits
• Vulnerability scanning and penetration testing
• Dependency monitoring for known vulnerabilities
• Secure coding standards and best practices

Data Validation

• Input validation and sanitization to prevent injection attacks
• Output encoding to prevent cross-site scripting (XSS)
• CSRF (Cross-Site Request Forgery) protection
• Rate limiting to prevent abuse

Operational Security

Monitoring and Logging

• 24/7 system monitoring and alerting
• Comprehensive audit logs of all system access and changes
• Intrusion detection and prevention systems
• Regular security log reviews

Incident Response

• Documented incident response procedures
• Security incident notification protocols
• Regular security drills and tabletop exercises
• Post-incident analysis and remediation

Compliance

We maintain compliance with relevant data protection regulations:

• GDPR: General Data Protection Regulation (European Union)
• CCPA: California Consumer Privacy Act
• SOC 2: Service Organization Control 2 (Type II)
• PCI DSS: Payment Card Industry Data Security Standard (for payment processing)

Third-Party Security

We carefully vet all third-party service providers and require them to maintain appropriate security standards:

• Data processing agreements with all vendors
• Regular vendor security assessments
• Minimum necessary access principle
• Contractual security and privacy obligations

Employee Security

• Background checks for all employees with data access
• Regular security awareness training
• Confidentiality and non-disclosure agreements
• Principle of least privilege for system access

Data Retention and Deletion

• Data retention policies aligned with business needs and legal requirements
• Secure data deletion procedures when data is no longer needed
• User-initiated data deletion requests honored within 30 days

Your Responsibility

While we implement robust security measures, security is a shared responsibility. You can help protect your account by:

• Using strong, unique passwords
• Enabling multi-factor authentication
• Not sharing your login credentials
• Logging out of shared devices
• Reporting suspicious activity immediately
• Keeping your contact information up to date

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please contact us immediately at:

Email: sales@flowclosepro.com

We take all security reports seriously and will investigate promptly.

Limitations

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of data transmitted over the Internet or stored in our systems. You use our services at your own risk.

Updates to Security Practices

We continuously review and update our security practices to address emerging threats and maintain best-in-class protection. This page will be updated to reflect material changes to our security posture.