Enterprise Security
Security is a Business Requirement
You’re trusting flow8 with data: customer records, financial information, legal documents, proprietary processes. Security isn’t optional—it’s foundational.
flow8 is built with enterprise security standards: encryption at rest and in transit, role-based access control, comprehensive audit logging, compliance-ready retention policies, and flexible deployment options. This page explains what that means for your business.
Data Encryption: At Rest and In Transit
Encryption at Rest
When data is stored in flow8 (database, file system, archives), it’s encrypted.
Field-level encryption for sensitive data:
- API keys, passwords, OAuth tokens → encrypted with NaCl (modern symmetric encryption).
- Encrypted fields can only be decrypted by authorized services within flow8.
- If a database backup is stolen, encrypted fields are useless without the encryption key.
What gets encrypted:
- All integration credentials (Clio password, QuickBooks API key, Slack token).
- Any data you mark as “sensitive” (SSN, credit card numbers, medical information).
The encryption key is managed separately:
- Never stored with the data.
- Managed via environment variable (ENCRYPTION_KEY).
- If you deploy flow8 on-premise, you control the key.
Encryption in Transit
All data moving over the network is encrypted.
- HTTPS only — all API calls, web interface, and integrations use HTTPS with TLS 1.2+.
- No plain-text transmission — even between flow8 components.
- External API calls — when flow8 calls external services (Salesforce, QuickBooks, Google), those calls are over HTTPS.
Implication: Even if someone taps your network, they see encrypted traffic, not readable data.
Access Control: Role-Based and Entity-Level
Not everyone in your organization should see all data. flow8 implements role-based access control (RBAC) with fine-grained entity-level permissions.
Role Types
Admin
- Full system access: manage users, configure integrations, view all flows and executions.
- Responsibility: set up flow8, manage security policies.
Flow Designer
- Can create and edit flows.
- Can configure integrations (add API keys, connect tools).
- Responsibility: build and refine automation.
Executor
- Can manually trigger flows.
- Can view execution history for flows they have access to.
- Responsibility: run automation as needed, monitor results.
Viewer
- Read-only access to flows and executions.
- Cannot modify or execute.
- Responsibility: compliance officers, auditors.
Entity-Level Permissions
Beyond role-based access, you can grant permissions on individual resources:
- Flow-level access: “Alice can edit Flow X, but not Flow Y.”
- Data-level access: “Bob can only see executions from Company A, not Company B.”
- Integration-level access: “Carol can use the Salesforce integration, but not the QuickBooks integration.”
Example: A law firm has multiple practice areas (Corporate, Litigation, IP). The Corporate flow designer should only see and edit Corporate flows, not Litigation data.
Multi-Company Isolation
If you use flow8 with multiple organizations, each organization is completely isolated:
- Company A’s flows, data, and executions are invisible to Company B.
- Credentials entered by Company A are not accessible to Company B.
- Audit logs are segregated by company.
This is essential for SaaS providers or managed service operators.
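The three layers described above (company isolation, role, entity-level grant) can be combined into one deny-by-default check. This is an added illustration, not flow8's own code; the role-to-action mapping, the `User` and `Flow` types, `is_allowed`, `visible_flows` and the sample data are all assumptions made for the example.

```python
from dataclasses import dataclass

# Role ceilings, read off the role descriptions above (the mapping is an assumption).
ROLE_ACTIONS = {
    "admin": {"view", "edit", "execute"},
    "flow_designer": {"view", "edit"},
    "executor": {"view", "execute"},
    "viewer": {"view"},
}

@dataclass(frozen=True)
class Flow:
    flow_id: str
    company: str

@dataclass(frozen=True)
class User:
    name: str
    company: str
    role: str
    grants: frozenset = frozenset()  # entity-level grants: {(flow_id, action)}

def is_allowed(user: User, action: str, flow: Flow) -> bool:
    """Deny by default; every layer must agree before access is granted."""
    # 1. Company isolation comes first, so no role or grant can cross tenants.
    if user.company != flow.company:
        return False
    # 2. The role is a ceiling: a grant can never exceed what the role permits.
    if action not in ROLE_ACTIONS.get(user.role, set()):
        return False
    # 3. Admins have full access inside their own company.
    if user.role == "admin":
        return True
    # 4. Everyone else needs an explicit grant on this specific flow.
    return (flow.flow_id, action) in user.grants

def visible_flows(user: User, flows: list) -> list:
    """Flow ids the user may list; filtering here keeps other tenants invisible."""
    return [f.flow_id for f in flows if is_allowed(user, "view", f)]

# Constructed sample data: a law firm plus an unrelated second company.
FLOWS = [Flow("corporate-intake", "lawfirm"), Flow("litigation-hold", "lawfirm"),
         Flow("payroll", "other-co")]
ALICE = User("alice", "lawfirm", "flow_designer",
             frozenset({("corporate-intake", "view"), ("corporate-intake", "edit")}))
VIC = User("vic", "lawfirm", "viewer",
           frozenset({("litigation-hold", "view"), ("litigation-hold", "edit")}))
ROOT = User("root", "lawfirm", "admin")
```

Note that `VIC` holds a stray "edit" grant but is still denied, because the Viewer role caps what any grant can unlock.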
Credentials and Secrets Management
Every integration requires credentials (API keys, passwords, OAuth tokens). flow8 handles these safely.
Secure Storage
- Credentials are encrypted immediately upon entry.
- Never logged in plain text.
- Never sent to external systems (except the system that issued them).
Credential Scoping
When you authorize an integration, you can limit what flow8 can do:
- Salesforce: Read-only vs. create/update permissions.
- Google Drive: Full access vs. read-only vs. specific folder access.
- QuickBooks: Read invoices only vs. create/update vs. delete.
flow8 uses OAuth2 where possible, so you never give flow8 your password; it receives only an access token (which expires).
Credential Rotation
- You can revoke and re-issue credentials without stopping flows.
- Old credentials automatically cease to work.
- Audit log shows when credentials were rotated and who did it.
Scenario: A developer leaves the company. You revoke their access token. All flows immediately stop using their token. No downtime, no manual workflow updates.
Audit Logging: Complete Visibility
Every significant action is logged with full context.
What Gets Logged
Execution logs:
- When a flow runs, what inputs it received, outputs it produced, how long it took.
- Every flowlet execution: input data, output data, any errors or warnings.
- User/system that triggered the flow.
Data access logs:
- Who accessed which flow, at what time.
- Which data was retrieved or modified.
- From what IP address.
Credential usage logs:
- When an API key or password was used.
- Which system used it.
- For what purpose (e.g., “created invoice in QuickBooks”).
Administrative actions:
- User login/logout.
- Permission changes (who granted access to whom).
- Integration configuration changes.
- Flow modifications.
Why This Matters
Compliance: When auditors ask “Can you prove that this process was followed and approved?”, you have evidence. “Here’s the flow execution log showing the approval at 2:14 PM on April 3rd, who approved it, and what data was processed.”
Incident investigation: If something goes wrong (data was deleted, modified incorrectly, or accessed unexpectedly), the audit log shows exactly what happened and who did it.
Forensics: Security breach suspected? Audit logs show which credentials were used when, what data was accessed, and from where.
Log Retention
Configure how long to keep logs:
- Compliance requirement: keep invoices for 7 years → configure invoice flow logs to retain for 7 years.
- Regulatory requirement (GDPR): right to be forgotten → configure policy to auto-delete logs after 3 years (with exceptions for legal holds).
- Minimum retention: flow8 enforces minimums for certain log types (audit logs typically 1 year minimum).
Logs are immutable once created—you cannot delete or edit them (only administrators can configure retention policies).
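The retention rules above interact: a configured period can be overridden by an enforced minimum, and a legal hold blocks deletion even after expiry. The sketch below is an added example, not flow8 configuration or code; the log type names, the record layout and the function names are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

YEAR = timedelta(days=365)

# Enforced floors per log type (the page gives a 1-year minimum for audit logs).
MINIMUM_RETENTION = {"audit": 1 * YEAR}

# Configured policies (constructed sample mirroring the cases in the list above).
CONFIGURED_RETENTION = {
    "invoice_flow": 7 * YEAR,        # compliance: keep invoices for 7 years
    "customer_execution": 3 * YEAR,  # auto-delete after 3 years
    "audit": timedelta(days=90),     # misconfigured: shorter than the floor
}

def effective_retention(log_type):
    """Configured period, raised to the enforced minimum; None means keep forever."""
    configured = CONFIGURED_RETENTION.get(log_type)
    if configured is None:
        return None  # no policy configured: never auto-delete
    return max(configured, MINIMUM_RETENTION.get(log_type, timedelta(0)))

def may_purge(record, now):
    """True only if the record is past retention and not under legal hold."""
    if record.get("legal_hold"):
        return False  # the legal-hold exception wins over any expiry
    keep = effective_retention(record["type"])
    return keep is not None and now - record["created"] >= keep

def purge_candidates(records, now):
    """Ids of records the retention job is allowed to delete."""
    return [r["id"] for r in records if may_purge(r, now)]

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample records.
NOW = _utc(2025, 1, 1)
RECORDS = [
    {"id": "inv-1", "type": "invoice_flow", "created": _utc(2019, 1, 1)},
    {"id": "cust-1", "type": "customer_execution", "created": _utc(2021, 6, 1)},
    {"id": "cust-2", "type": "customer_execution", "created": _utc(2021, 6, 1),
     "legal_hold": True},
    {"id": "aud-1", "type": "audit", "created": _utc(2024, 6, 1)},
]
```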
Compliance Ready
GDPR (General Data Protection Regulation)
If you operate in the EU or serve EU customers, GDPR compliance is critical.
flow8 helps you stay GDPR-compliant:
- Data minimization: Only connect integrations and flows that genuinely need customer data. Unused integrations don’t access data.
- Purpose limitation: Audit logs show what data was processed and for what purpose.
- Retention policies: Configure automatic deletion of data after a specified period (“delete customer records after 1 year of inactivity”).
- Right to be forgotten: When a customer requests deletion, flow8 can be configured to purge their data from flows/executions.
- Data portability: Export a customer’s data from flow8 in a structured format.
- Consent tracking: Audit logs show when and how data was processed, so you can prove consent was obtained.
SOC 2 & ISO 27001
Enterprise customers often require certifications. flow8’s architecture supports:
- Encryption at rest and in transit (required for SOC 2 Type II).
- Access controls with audit logging (required for SOC 2 and ISO 27001).
- Secure credential management (required for both).
- Incident response procedures (required for both).
Contact flow8 support for current certifications and attestations.
HIPAA (Health Insurance Portability and Accountability Act)
If you process healthcare data:
- Credentials are encrypted and access is logged.
- Audit trails are comprehensive and retained for compliance periods.
- Deployment options allow on-premise hosting (data stays under your control).
Work with flow8 to configure HIPAA-compliant deployments.
Deployment Options: Control and Flexibility
Cloud-Hosted (flow8-Managed)
flow8 runs your flows on our managed infrastructure.
- Pros: Zero ops overhead, automatic updates, pay-as-you-go pricing.
- Cons: Your data is on our servers (though encrypted).
- Best for: Small teams, rapid deployment, minimal compliance requirements.
Self-Hosted (Your Infrastructure)
Deploy flow8 on your own servers (Docker, Kubernetes, VM).
- Pros: Data stays on your infrastructure, full control, compliance with data residency laws.
- Cons: You manage ops, security patches, backups, infrastructure costs.
- Best for: Enterprise, regulated industries, strict data residency requirements, on-premise-only mandates.
Data residency: If your company has contracts requiring data to stay in a specific country/region (e.g., EU, Australia, Canada), self-hosted deployment guarantees it.
Network Security
API Authentication
Every API call to flow8 is authenticated:
- Session-based (UI users): bcrypt password hashing, 1-hour session TTL, secure cookies.
- API keys (service-to-service): JWT tokens, per-key rotation, scope-based permissions.
- OAuth2 (third-party integrations): secure delegated access without sharing passwords.
Rate Limiting
flow8 limits API requests to prevent abuse:
- Per-user rate limits (e.g., 1,000 API calls per hour).
- Per-IP rate limits.
- Per-integration rate limits (respect external service limits).
Exceeded limits? You get a rate-limit error and can retry after a backoff period.
IP Allowlisting (Enterprise)
If deployed self-hosted, restrict which IPs can access flow8:
- Only allow access from your office IP range.
- Only allow specific systems to trigger flows.
- Block all other access.
Data Residency and Sovereignty
Storage Location
- Cloud-hosted: Data stored in flow8’s data center (configurable region, e.g., US, EU).
- Self-hosted: Data stored on your infrastructure; you choose location.
Cross-Border Data Transfers
flow8 integrations can transfer data internationally (e.g., your US flow calls a Canadian Salesforce instance). flow8 complies with Standard Contractual Clauses (SCCs) for such transfers under GDPR.
Incident Response and Support
Security Incident
If flow8 detects a security issue:
- Immediate notification to affected customers.
- Root cause analysis within 24 hours.
- Remediation plan and timeline.
- Public statement if required.
Customer Support
- Dedicated support channel for security issues (not email).
- Encryption keys can be rotated on demand.
- Credentials can be revoked immediately if compromise is suspected.
Checklist: Security Features You Have
- Encryption: All credentials encrypted at rest; all data encrypted in transit.
- Access Control: Role-based permissions, entity-level fine-grained access, multi-company isolation.
- Audit Trail: Every action logged with user, timestamp, data involved.
- Credential Management: Secure storage, scoped permissions, easy rotation.
- Compliance Ready: GDPR-friendly, SOC 2-compatible, HIPAA-supportable, audit-log retentions.
- Deployment Options: Cloud or self-hosted; you choose data location.
- IP Allowlisting: (Self-hosted only) Restrict network access.
- Rate Limiting: Prevent abuse and overload.
- Support: Incident response, security contacts, transparency.
Getting Started: Security Assessment
Before deploying flow8, work with your security team:
- Data Classification: What data will flow8 process? (Customer? Financial? Healthcare? Confidential?)
- Compliance Requirements: GDPR? HIPAA? SOC 2? Data residency laws?
- Deployment: Cloud or self-hosted?
- Access Control: Who needs access? What permissions?
- Audit Logging: How long to retain logs? Who gets access to audit logs?
flow8’s default configuration is secure. Customization is available for specialized compliance needs.
Summary: Security is a Foundation
flow8 is built with security from day one:
- Data is encrypted — at rest and in transit.
- Access is controlled — role-based and fine-grained.
- Actions are logged — audit trail is complete and immutable.
- Compliance is easy — retention policies, access controls, and transparency built in.
- Deployment is flexible — cloud or self-hosted, depending on your needs.
You can automate with confidence, knowing your data is protected.