Security at Flow

We use Flow every day to build Flow. As users of our product, we understand the need for a reliable, secure service that treats your data with the utmost care. 
Below is an overview of our security practices.
Security Icons

Secure, Industry-leading Infrastructure

Our infrastructure is provided by Amazon Web Services (AWS) and Heroku. Both companies offer industry-leading security with restricted physical access to datacenters and robust online access controls. More information is available from both the AWS Cloud Compliance and Heroku Security documents.

Security Icons

Encryption at Rest and in Transit

All of our customers’ data is stored encrypted with AES256, block-level encryption with decryption keys handled through Amazon’s Key Management service. All data is transmitted solely over TLS 1.2 with a strong key exchange (ECDHE-RSA w/P-256) and strong cipher (AES_128_GCM).

Security Icons
Data Safety and Disaster Recovery

Database backups are taken daily, encrypted and stored securely. Due to our infrastructure, in the event of data loss or other disaster we expect to be up and running again within hours, not days.

Security Icons
Availability

Our goal is to keep Flow highly available. Any planned maintenance that would disrupt service is announced weeks in advance and downtime is kept to a minimum.

Security Icons
Security

All payments are handled through Stripe and are fully PCI-compliant. We do not directly store any customer credit card information.

Security Icons
Penetration Tests

In addition to ongoing internal security evaluation, 
we run a crowdsourced bug bounty program 
with Hackerone.

Questions about security or compliance?

Contact Us

If you think you may have found a security vulnerability in Flow, please contact us.

Flow won’t run on your browser. To deliver the best possible experience to our customers, we took advantage of the latest web technologies that aren’t supported by your browser. As such, we can only safely support the latest versions of Safari, Chrome, Firefox, and Internet Explorer. Learn more at Browse Happy