Security at Flow

We use Flow every day to build Flow. As users of our product, we understand the need for a reliable, secure service that treats your data with the utmost care. 
Below is an overview of our security practices.

Security Icons

Secure, Industry-leading Infrastructure

Our infrastructure is provided by Amazon Web Services (AWS) and Heroku. Both companies offer industry-leading security with restricted physical access to datacenters and robust online access controls. More information is available from both the AWS Cloud Compliance and Heroku Security documents.

Security Icons
Data Safety and Disaster Recovery

Database backups are taken daily, encrypted and stored securely. Due to our infrastructure, in the event of data loss or other disaster we expect to be up and running again within hours, not days.

Security Icons

Our goal is to keep Flow highly available. Any planned maintenance that would disrupt service is announced weeks in advance and downtime is kept to a minimum.

Security Icons

All payments are handled through Stripe and are fully PCI-compliant. We do not directly store any customer credit card information.

Security Icons
Penetration Tests

In addition to ongoing internal security evaluation, 
we run a crowdsourced bug bounty program 
with Hackerone.


Questions about security or compliance?

If you think you may have found a security vulnerability in Flow, please contact us.

Flow won’t run on your browser. To deliver the best possible experience to our customers, we took advantage of the latest web technologies that aren’t supported by your browser. As such, we can only safely support the latest versions of Safari, Chrome, Firefox, and Internet Explorer. Learn more at Browse Happy