Security

Last updated: January 30, 2026

1. Infrastructure Security

Simply Flow is built on enterprise-grade infrastructure with security at every layer:

  • Encryption in Transit: All data is transmitted over TLS 1.2+ encrypted connections
  • Encryption at Rest: All data stored in our databases is encrypted using AES-256
  • Encrypted Backups: Database backups are automatically encrypted and stored securely
  • Network Security: Our infrastructure uses firewalls, VPCs, and network segmentation

2. Access Control

We implement strict access controls to protect your data:

  • Row-Level Security: Database policies ensure users can only access their own data
  • Multi-Tenant Isolation: Each organization's data is logically separated
  • Role-Based Access: Staff access is limited based on job function
  • Strong Authentication: We enforce strong password requirements and support MFA
  • Access Logging: All access to personal data is logged for audit purposes

3. Data Protection

We take a proactive approach to data protection:

  • Data Minimization: We only collect and store data necessary for service delivery
  • Retention Policies: Automated data retention ensures data is not kept longer than needed
  • Data Loss Prevention: Automatic backups, cascade protections, and monitoring prevent data loss
  • Secure Deletion: When data is deleted, it is permanently removed from our systems

4. Incident Response Policy

We maintain a comprehensive security incident response policy to quickly address any security concerns:

4.1 Detection & Identification

  • 24/7 automated monitoring for suspicious activity
  • Real-time alerting for potential security events
  • Regular log analysis and anomaly detection
  • User-reported incident intake via support@simplyflowai.com

4.2 Containment

  • Immediate isolation of affected systems
  • Temporary access restrictions as needed
  • Preservation of evidence for investigation
  • Escalation to security team within 1 hour of detection

4.3 Investigation & Eradication

  • Root cause analysis by security team
  • Forensic examination of affected systems
  • Removal of threats and vulnerabilities
  • Documentation of findings and actions taken

4.4 Notification

  • Affected users notified within 72 hours of confirmed breach
  • Regulatory authorities notified as required by law
  • Clear communication of what happened and remediation steps
  • Ongoing updates until incident is fully resolved

4.5 Recovery & Post-Incident

  • System restoration from clean backups if needed
  • Verification of system integrity before resuming service
  • Post-incident review and lessons learned
  • Policy and procedure updates based on findings

5. Third-Party Security

Our infrastructure partners maintain rigorous security standards:

  • Supabase: SOC 2 Type II certified, encrypted storage
  • Vercel: SOC 2 Type II certified, DDoS protection
  • ElevenLabs: Enterprise-grade voice processing security
  • Twilio: SOC 2 certified, encrypted communications

6. Reporting Security Issues

If you discover a security vulnerability or have security concerns, please contact us immediately:

  • Email: support@simplyflowai.com
  • Response Time: We acknowledge all reports within 24 hours
  • Responsible Disclosure: We appreciate responsible disclosure and will work with you to address issues