Enterprise Security

Security you can trust

Your data security is our top priority. We employ industry-leading practices and undergo rigorous third-party audits to ensure your assets are protected.

Compliance

Industry-recognized certifications

We maintain compliance with the highest industry standards to give you confidence in our security posture.

SOC 2 Type II

Certified

Annual third-party audit of security controls

GDPR

Compliant

EU data protection regulation compliance

ISO 27001

In Progress

Information security management certification

HIPAA

Ready

Healthcare data protection standards

Security Features

How we protect your data

Multiple layers of security ensure your asset data remains private, secure, and available when you need it.

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your sensitive information is protected at every stage.

  • AES-256 encryption at rest
  • TLS 1.3 for all data in transit
  • Encrypted database backups
  • Secure key management with HSM

Access Control

Granular role-based access control ensures users only see what they need to see.

  • Role-based access control (RBAC)
  • Single Sign-On (SSO) with SAML/OIDC
  • Multi-factor authentication (MFA)
  • IP allowlisting available

Audit Logging

Complete audit trail of all actions for compliance and forensic analysis.

  • Comprehensive action logging
  • Immutable audit records
  • Exportable audit reports
  • Real-time activity monitoring

Infrastructure Security

Enterprise-grade cloud infrastructure with redundancy and disaster recovery.

  • Hosted on AWS with multi-AZ deployment
  • Automated backups with point-in-time recovery
  • 99.9% uptime SLA guarantee
  • Geographic redundancy available

Penetration Testing

Regular third-party security assessments to identify and remediate vulnerabilities.

  • Annual third-party penetration tests
  • Continuous vulnerability scanning
  • Bug bounty program
  • Responsible disclosure policy

Incident Response

Documented procedures for detecting, responding to, and recovering from security incidents.

  • 24/7 security monitoring
  • Documented incident response plan
  • Customer notification within 72 hours
  • Post-incident analysis and reporting

Data Handling

Your data, your control

We believe you should have complete control over your data. Here is how we handle it responsibly.

Data Ownership

You own your data. We are just the custodians. Export all your data anytime in standard formats.

Data Retention

We retain your data only as long as you need it. Upon account termination, data is securely deleted within 30 days.

Data Location

By default, data is stored in US data centers. EU and other regional hosting is available for Enterprise plans.

Third Parties

We carefully vet all subprocessors and maintain a list of approved vendors. No selling or sharing of your data.

Zero Trust Architecture

Every request is authenticated and authorized. We never assume trust based on network location.

FAQ

Security questions

Common questions about our security practices and policies.

How is my data encrypted?

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Database backups are also encrypted, and encryption keys are managed using hardware security modules (HSMs).

Do you support Single Sign-On (SSO)?

Yes, we support SSO via SAML 2.0 and OpenID Connect (OIDC). SSO is available on our Professional and Enterprise plans. We integrate with popular identity providers like Okta, Azure AD, and Google Workspace.

How often do you perform security audits?

We undergo an annual SOC 2 Type II audit by an independent third party. We also conduct quarterly penetration tests and run continuous vulnerability scanning on our infrastructure.

What happens if there is a data breach?

We have a comprehensive incident response plan. In the event of a confirmed breach affecting your data, we will notify you within 72 hours with details about the incident, its impact, and remediation steps.

Can I get a copy of your security documentation?

Yes, we provide our SOC 2 report, security questionnaire responses, and other documentation to customers and prospects under NDA. Contact our security team at security@flottix.com to request access.

Do you have a bug bounty program?

Yes, we maintain a responsible disclosure program for security researchers. Details are available at our security page, and we recognize researchers who help us improve our security posture.

Have security questions?

Whether you need our SOC 2 report, have questions about our security practices, or want to report a vulnerability, our security team is here to help.

SOC 2 Type II Certified
GDPR Compliant
256-bit Encryption