
Security by design.

Last updated: June 13, 2026

Contents

  • 1. Security Overview
  • 2. Encryption
  • 3. BYOK & API Key Security
  • 4. Infrastructure
  • 5. Access Control
  • 6. Monitoring & Logging
  • 7. Incident Response
  • 8. Compliance
  • 9. Vulnerability Disclosure

1. Security Overview

Security is core to FlowManner. We design every component with a security-first mindset, from the infrastructure layer to the application code. This page provides transparency into our security practices.

2. Encryption

  • In transit: All data is encrypted using TLS 1.3. HSTS is enforced.
  • At rest: All databases and storage volumes use AES-256 encryption.
  • API keys: User-provided LLM API keys are encrypted using envelope encryption with AWS KMS. Keys are never stored in plaintext and are only decrypted in memory during request execution.

3. BYOK & API Key Security

Your API keys are processed in isolated memory contexts and are never written to disk, logs, or databases in plaintext. We use short-lived decryption tokens with automatic rotation.

4. Infrastructure

  • Containerized deployment with no SSH access to production instances
  • All services run behind a WAF (Web Application Firewall)
  • Database access restricted to private network only (WireGuard VPN)
  • Automated security patching with < 24h SLA for critical CVEs

5. Access Control

  • Principle of least privilege enforced across all systems
  • MFA required for all internal admin access
  • Production database access requires break-glass approval (audited)
  • No individual has standing access to customer data

6. Monitoring & Logging

  • Real-time security event monitoring with automated alerting
  • All admin actions logged with immutable audit trail
  • Anomaly detection on authentication patterns
  • Regular log review by security team

7. Incident Response

  • Dedicated incident response team and runbooks
  • Customer notification within 72 hours of confirmed breach
  • Post-incident reviews published for transparency
  • Quarterly incident response drills

8. Compliance

  • GDPR compliant (EU data protection)
  • CCPA compliant (California Consumer Privacy Act)
  • SOC 2 Type II (in progress)
  • Regular third-party security audits

9. Vulnerability Disclosure

We welcome responsible security research. If you discover a vulnerability:

  • Email security@flowmanner.com with details
  • Allow 90 days for remediation before public disclosure
  • We acknowledge receipt within 48 hours

We do not pursue legal action against good-faith security research.
