Legal · Security

Security posture.

We build for clients who handle real customer data. These are the controls we treat as non-negotiable, and a short overview of how we run the platform.

Encryption in transit and at rest

TLS 1.3 everywhere; AES-256 for data at rest; rotated managed keys for all secrets.

Access control

Least-privilege by default, SSO and 2FA enforced for staff, audit logs on every admin action.

Provider isolation

Client data passes through model providers under zero-retention agreements wherever supported.

Backups and recovery

Daily encrypted backups with 30-day retention, tested restore playbooks, documented RPO/RTO.

Responsible disclosure

Found something? security@aiflowpro.online. We acknowledge within 48 hours.