Platform Security

Security Policy

Maintaining the security of our clients' data is an absolute priority at iflows. Our goal is to provide a secure environment, also being attentive to the application's performance and the general user experience.

To send us a vulnerability or another security issue, please email securityiflows.com!

compliance

Certifications and Accreditations

Global standard for information security management systems

general-data-protection

Data protection and the rights of the data subjects for EU residents

Platform Security

All communications of the iflows web application are encrypted with 256-bit SSL, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions. All data for iflows are encrypted at rest using AES-256 encryption.

iflows maintains continuous PCI compliance, adhering to the industry's strict standards for the storage, processing, and online transmission of credit card information.

iflows actively monitors security, performance, and continuous availability 24/7/365. We conduct ongoing automated security testing. In addition, we contract a third party for penetration testing.

Regarding confidentiality, you can view our complete privacy policy here: Privacy Policy

Data Center Security

iflows customer data is hosted by Microsoft Azure, which is certified with ISO/IEC 27001:2013, SOC, CSA, GDPR. Microsoft Azure maintains an impressive list of reports, certifications, and third-party assessments to ensure the full and ongoing security of the state-of-the-art data center.

Microsoft Azure infrastructure is hosted in data centers controlled by Microsoft around the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information about Microsoft Azure data centers and their security controls can be found here.

Customer data from Central and Eastern Europe is hosted in the Microsoft Azure data center in Germany.

Data Privacy

iFlows adheres to a stringent data management policy, with source code and configuration files securely stored in private GitHub repositories, accessible solely to our security and development teams.

These protocols ensure meticulous oversight of code integrity through every update cycle, with code review procedures designed to identify and mitigate security vulnerabilities, programming errors, and performance deficiencies.

To reinforce client data confidentiality, iFlows maintains a strict policy whereby our developers engage exclusively with simulated data sets during the development and testing phases. This ensures that, as code progresses through review and approval stages, its deployment in the production environment upholds the utmost standards of client data confidentiality and integrity.

iflows Data Center Location