Security Policy

Last updated 5/16/2025

At Flowhub, we understand the trust our customers place in us to handle sensitive business data. We take this responsibility seriously, with a security program designed to protect your data, ensure system reliability, and maintain compliance with industry standards.

Below is an overview of the practices we’ve put in place to secure our platform and operations.

Infrastructure Security

Flowhub is built on Google Cloud Platform (GCP), hosted primarily in the us-central-1 region. We use Google Kubernetes Engine (GKE) to run our applications in containerized environments that are isolated, resilient, and scalable.

All data is encrypted at rest using AES-256 and encrypted in transit using TLS, which are Google Cloud’s default security standards. Our infrastructure is provisioned using infrastructure-as-code for consistency and to reduce the risk of human error.

Application Security

We design and develop software with security top of mind:

  • Multi-factor authentication (MFA) is enforced for all internal systems.
  • All container images are scanned for vulnerabilities, including our code dependencies.
  • We undergo annual third-party penetration testing to proactively identify and address potential threats.
  • All code changes are peer reviewed and tested before deployment.

Data Protection and Backups

All customer data is encrypted in transit and at rest. We perform nightly backups and regularly test our disaster recovery process in line with SOC 2 compliance standards.

Access Control and Device Security

We follow strict access control protocols to minimize risk:

  • Access to production systems is governed by role-based access control (RBAC) and logged via audit trails.
  • Only authorized employees can access customer data, and only for legitimate operational or support reasons.
  • All employee devices are secured and managed using modern endpoint security protocols.

Compliance and Certifications

Flowhub is SOC 2 Type II certified. This certification demonstrates that our security, availability, and confidentiality controls are independently verified and consistently followed.

Incident Response

We maintain a documented incident response plan and have a dedicated security team responsible for managing any security incidents.

If a data breach occurs, we notify affected customers by email without undue delay and provide updates as we investigate and resolve the issue.

Processing Integrity

Processing accuracy and integrity are core to Flowhub. Our point-of-sale system is designed to capture and store granular detail across sale transactions, inventory, product, and adjustments down to the user level and timestamp in real time. Any potential discrepancy is reportable and actionable. You get visibility into key performance indicators in real time as well as historical trends.

We proactively monitor performance and processing to maximize reliability and scalability, and we release regular updates to all customers to ensure the latest application version and highest level of security.

Customer Responsibilities

Security is a shared responsibility. We encourage customers to:

  • Use strong passwords and enable MFA where available
  • Manage user permissions appropriately within Flowhub
  • Report suspicious activity or incidents to our support team

Contact Us

If you have any questions about our security practices, please contact your Customer Success Manager or email us at security@flowhub.com.
