Security is of utmost importance to us at Flow, especially as Flow users ourselves. We understand the need for a reliable, secure service that treats your data with care. We’ve outlined some important security information below.
Our infrastructure is provided by Amazon Web Services (AWS) and Heroku. Both companies offer industry-leading security with restricted physical access to datacenters and robust online access controls. More information is available from both the AWS Cloud Compliance and Heroku Security documents.
Data Safety and Disaster Recovery
Database backups are taken daily, encrypted and stored securely. Due to our infrastructure, in the event of data loss or other disaster we expect to be up and running again within hours, not days.
Our goal is to keep Flow highly available. Any planned maintenance that would disrupt service is announced weeks in advance and downtime is kept to a minimum.
All payments are handled through Stripe and are fully PCI-compliant. We do not directly store any customer credit card information.
In addition to ongoing internal security evaluation, we run a crowdsourced bug bounty program with Hackerone.