Security & Trust
Where your data goes, who can see it, and how we protect it — the controls behind FlowSentric.
Your data is hosted in the EU, encrypted in transit and at rest, and strictly isolated per tenant. We never sell your data and never use it to train AI models. Sensitive data can be masked before it ever reaches a third-party model.
Encryption everywhere
TLS 1.3 in transit and AES-256 at rest. Application secrets and integration tokens are encrypted with Fernet; passwords are only ever stored as hashes.
Strict tenant isolation
Authorisation is enforced on every read and write. A user only ever sees their own data or that of the organisations they belong to; cross-tenant access is blocked and tested.
EU data residency
Application and database are hosted in the EU. For AI requests you can pin to EU regions, and any third-country transfer relies on EU Standard Contractual Clauses or an adequacy decision.
PII masking built in
Our privacy layer can strip names, emails, phone numbers and other sensitive data before a prompt leaves FlowSentric for any external model.
Role-based access
Organisations, roles and resource-level permissions govern who can do what. Authentication uses secure, HttpOnly session cookies.
Audit logging
Security-relevant actions are recorded in an audit trail, retained per your plan, so you can see what happened and when.
Backups & recovery
Regular encrypted backups and tested recovery keep your data available and resilient against loss.
Hardened integrations
Outbound tool and database connections are SSRF-guarded and re-validated per redirect, so the platform can't be tricked into reaching internal hosts.
Data retention & deletion
- Account data is kept while your account is active and deleted within 30 days of a deletion request.
- Conversations and files follow your plan's history settings and can be deleted at any time.
- Shareable AI Sessions are ephemeral and auto-deleted after expiry.
- We never sell your data and never use it to train AI models.
Incident response & disclosure
If a personal data breach occurs, we notify affected business customers without undue delay (as a rule within 48 hours) and support the notifications required under GDPR Art. 33–34. Found a vulnerability? Please report it responsibly to security@flowsentric.com.
See also our Data Processing Agreement, Subprocessors, EU AI Act classification and Privacy Policy.