Security Policy

FlowHunt prioritizes data security with robust infrastructure, encryption, compliance, and disaster recovery to protect customer, employee, and business data.

Data centers meet high compliance standards, and organizational protocols ensure asset disposal and employee compliance. Regular assessments and disaster recovery plans further safeguard data.

Data security is of utmost importance for us. We combine multiple security features to ensure customer, employee, and business data is always protected so our customers can rest easy knowing their data is safe, their communication is secure, and their businesses are protected.

Infrastructure Security

Infrastructure security involves protecting the underlying hardware, software, and network components that support an organization’s information technology (IT) operations. This encompasses everything from data centers and servers to network connections and endpoint devices. Effective infrastructure security aims to prevent unauthorized access, misuse, and disruptions, ensuring the integrity, confidentiality, and availability of IT systems.

Key Components of Infrastructure Security

  • Encryption Key Access Restricted
    Policy: Access to encryption keys is limited to authorized users with a business need.
    Implementation: This ensures that only individuals with proper clearance can decrypt sensitive information, minimizing the risk of data breaches.

  • Unique Account Authentication Enforced
    Policy: Systems and applications require unique usernames and passwords or authorized Secure Shell (SSH) keys.
    Implementation: This reduces the risk of unauthorized access by ensuring that each user has a distinct identity for authentication.

  • Production Application Access Restricted
    Policy: Access to production applications is limited to authorized personnel only.
    Implementation: This measure prevents unauthorized users from tampering with critical applications that run the business.

  • Access Control Procedures Established
    Policy: Documented requirements for adding, modifying, and removing user access.
    Implementation: Clear procedures ensure that access rights are managed systematically and securely.

  • Production Database Access Restricted
    Policy: Privileged access to databases is limited to authorized users with a business need.
    Implementation: This protects sensitive data stored in databases from unauthorized access or alterations.

  • Firewall Access Restricted
    Policy: Privileged access to the firewall is limited to authorized users with a business need.
    Implementation: Firewalls are critical for network security, and restricted access ensures their configuration cannot be compromised.

  • Production OS Access Restricted
    Policy: Privileged access to the operating system is limited to authorized users with a business need.
    Implementation: This secures the OS layer from unauthorized changes that could affect system stability and security.

  • Production Network Access Restricted
    Policy: Privileged access to the production network is limited to authorized users with a business need.
    Implementation: Ensures that only authorized personnel can access the network, reducing the risk of internal threats.

  • Access Revoked Upon Termination
    Policy: Access is revoked for terminated employees within Service Level Agreements (SLAs).
    Implementation: This prevents former employees from accessing company systems post-termination.

  • Unique Network System Authentication Enforced
    Policy: Requires unique usernames and passwords or authorized SSH keys for network access.
    Implementation: Enhances security by ensuring that network access is traceable to individual users.

  • Remote Access Encrypted Enforced
    Policy: Remote access to production systems is only allowed via approved encrypted connections.
    Implementation: Protects data transmitted over remote connections from being intercepted.

  • Intrusion Detection System Utilized
    Policy: Continuous monitoring of the network for early detection of security breaches.
    Implementation: An IDS provides real-time alerts, enabling rapid response to potential threats.

  • Infrastructure Performance Monitored
    Policy: Utilization of monitoring tools to track system performance and generate alerts when thresholds are met.
    Implementation: Ensures the infrastructure remains robust and any issues are promptly addressed.

  • Network Segmentation Implemented
    Policy: Segmentation of the network to prevent unauthorized access to customer data.
    Implementation: Limits the spread of breaches by isolating different parts of the network.

  • Network Firewalls Reviewed
    Policy: Annual review of firewall rulesets with tracked changes.
    Implementation: Keeps firewall configurations up-to-date and aligned with current security standards.

  • Network Firewalls Utilized
    Policy: Firewalls configured to prevent unauthorized access.
    Implementation: Acts as a first line of defense against external threats.

  • Network and System Hardening Standards Maintained
    Policy: Documented standards based on industry best practices, reviewed annually.
    Implementation: Ensures that systems are configured securely to resist attacks.

Data Center Security

We ensure the confidentiality and integrity of your data with industry best practices. FlowHunt servers are hosted at Tier IV or III+, PCI DSS, SSAE-16, or ISO 27001 compliant facilities. Our Security Team constantly pushes security updates and actively responds to security alerts and events.

Physical Security

Facilities | Description
Server Environment | FlowHunt servers are hosted at Tier III+ or IV or PCI DSS, SSAE-16, or ISO 27001 compliant facilities. Data center facilities are powered by redundant power, each with UPS and backup generators.
On-site Security | Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
Monitoring | All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by FlowHunt administrators. Physical security, power, and internet connectivity beyond co-location cage doors or Amazon/Linode services are monitored by the facilities providers.
Location | The public FlowHunt service hosts data primarily in the European Union (Frankfurt data centers). Private clouds can be built based on your preference or geographical location in the United States, Europe, and Asia. Customers can choose to locate their Service Data in the US only or in Europe only.

Network Security

Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.

Additional Measures

  • DDoS Mitigation: Industry-leading infrastructure is in place to protect against and mitigate the impact of denial-of-service attacks.
  • Communication Encryption: Communications between you and FlowHunt servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks.

Organizational Security

Procedures for Asset Disposal

  • Inventory Assessment: Identify and catalog all devices scheduled for disposal.
  • Data Backup: Securely back up necessary data before proceeding with disposal.
  • Data Purging: Use certified tools to wipe all data from devices following industry standards.
  • Physical Destruction: For devices that cannot be purged, physical destruction methods such as shredding or degaussing are employed.
  • Environmental Compliance: All disposal methods comply with environmental regulations.

Certification and Compliance

  • Documentation: Maintain detailed records of all disposed assets, including serial numbers, disposal methods, and dates.
  • Third-Party Verification: Engage certified third-party vendors to verify and document the disposal process.

Employee and Contractor Compliance

  • Background Checks: New employees undergo thorough background checks before joining the company.
  • Code of Conduct: Both employees and contractors must acknowledge and adhere to the company’s code of conduct, with disciplinary policies in place for violations.
  • Confidentiality Agreements: Confidentiality agreements are mandated for all employees during onboarding and contractors at the time of engagement.

Visitor and Security Protocols

  • Visitor Procedures: Visitors must sign in, wear a visitor badge, and be escorted by an authorized employee when accessing secure areas.
  • Security Awareness Training: Employees complete security awareness training within thirty days of hire and annually thereafter to stay informed about best practices and emerging threats.

Product Security

Data Encryption

All FlowHunt databases and database backups with sensitive customer data are encrypted. Encryption of billing and payments data is handled by our payment processors (Stripe).

  • Column-Level Encryption: Encrypts specific columns within a database, providing a more targeted approach to data protection. This method is useful for securing sensitive fields like API keys.
  • Encryption Protocols: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used to encrypt data transmissions over networks.

Penetration Testing

FlowHunt conducts regular penetration testing and encourages external security researchers through a bug bounty program to identify vulnerabilities.

Updated: 05/30/2025
