FlowState OS handles real customer conversations, lead data, and order operations every day. Here's how we protect that, and the commitments we make to every customer.
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Customer data is logically isolated per tenant. Backup encryption uses separate keys.
Role-based access control on every action. SSO via Google Workspace, Microsoft 365, and SAML. SCIM provisioning on Scale plans. Every action ties to a user.
Every agent action, every human override, every config change is logged with timestamp, user, and context. Audit logs are exportable and immutable.
Choose where your data lives: US, EU, or India. Scale customers can deploy on-prem or in their own VPC for full data sovereignty.
SOC 2 Type II compliant. GDPR-ready with custom DPAs available. HIPAA-compatible deployment available on Scale plans.
Customer data is never used to train shared models. Per-tenant model state is isolated. Human-in-the-loop overrides on every escalation path.
Customer data is encrypted in transit and at rest
Customer data is never used to train shared models
Per-tenant logical isolation on all storage
Audit logs immutable and exportable
Vendor security review available on request
Annual third-party penetration testing
24-hour security incident SLA
GDPR, CCPA, and DPDPA aligned
Yes. We are SOC 2 Type II compliant. The full report is available under NDA on request through your account team.
By default, in the region you choose at sign-up: US, EU, or India. Scale customers can deploy on their own infrastructure for complete data sovereignty.
No. Customer data is never used to train shared models. We use foundation models from Anthropic and OpenAI under their enterprise agreements, which prohibit training on customer inputs.
Yes. Custom DPAs are available on Growth and Scale plans. We accept most standard customer DPAs and can negotiate specific terms when needed.
We have a 24-hour notification SLA for any incident affecting customer data. Our incident response runbook covers detection, containment, customer notification, and post-incident review.
Yes. Scale customers can run FlowState OS in their own VPC (AWS, GCP, Azure) or fully on-prem. We provide deployment artifacts, docs, and dedicated success engineer support.