Trust & Security

Your Data, Protected

Security isn't a feature; it's foundational to everything we build. Here's how we keep your data safe.

๐Ÿ”AES-256
Encryption
๐Ÿ›ก๏ธSOC 2
Roadmap
๐Ÿ‡ช๐Ÿ‡บGDPR
Compliant
๐Ÿ”’TLS 1.3
In Transit
โฑ๏ธ99.99%
Uptime

Security Measures

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your clients' sensitive information is protected at every step, from form submission to file upload to database storage.

SOC 2 Compliance Roadmap

We're actively working toward SOC 2 Type II certification. Our infrastructure and processes are built on SOC 2 principles: security, availability, processing integrity, confidentiality, and privacy.

GDPR Compliance

OnboardFlow is fully GDPR compliant. We offer Data Processing Agreements (DPAs), support data export and deletion requests, implement data minimization, and never sell your data to third parties.

Regular Security Audits

We conduct regular security assessments, vulnerability scanning, and penetration testing. Our codebase undergoes automated security scanning with every deployment.

โ˜๏ธ

Data Hosting

OnboardFlow is hosted on Vercel's edge network with database infrastructure on Neon (PostgreSQL). Both providers maintain SOC 2 Type II certification and offer enterprise-grade reliability with 99.99% uptime SLAs.

Access Controls

Role-based access control (RBAC) ensures team members only see what they need. All admin actions are logged in an audit trail. Two-factor authentication (2FA) is available for all accounts.

Security Practices

  • Secure software development lifecycle (SSDLC)
  • Automated dependency vulnerability scanning
  • Environment isolation (production, staging, development)
  • Encrypted backups with point-in-time recovery
  • Incident response plan with 24-hour notification commitment
  • Employee security training and access reviews
  • Vendor security assessments for all sub-processors
  • Data retention policies with automatic purging

Have security questions?

We're happy to discuss our security practices, provide our security questionnaire, or arrange a call with our team.
