Security
Security is core to how we build and operate every system. Here's how we protect your data and your business.
Infrastructure
Everything we build runs on enterprise-grade cloud infrastructure with encryption at rest and in transit (TLS 1.2+). Production environments are isolated from development, and access is restricted to named team members.
Access and credentials
We use scoped, least-privilege credentials for every integration. Secrets are stored in a managed secret vault, rotated on a regular schedule, and revoked immediately when a team member leaves.
Monitoring and incidents
Every system is monitored 24/7 with automated alerts on failure, latency, and unusual activity. Real incidents are handled by our on-call team and reported to you within 24 hours, with a written post-mortem within 5 business days.
Data handling
We process the minimum data required to run your workflow. We do not train external AI models on your data. On request, we'll sign a Data Processing Agreement.
Compliance
We sign mutual NDAs by default and can support GDPR data subject requests. Reach out for SOC 2 status, sub-processor lists, or vendor security questionnaires.
Report a vulnerability
Found something? Email security@brightflow.ai. We'll acknowledge within one business day.