TeamFlow® is committed to privacy and security at every level. Your information is securely stored using the latest in encryption and security standards.
Our backup processes ensure data and information consistency with the highest standards. Multiple backups are taken per day with a 7-day retention period.
Passwords are not stored on any of our servers. Passwords are hashed (and salted) securely through our authentication partner, Auth0 (which has multiple compliance certifications ranging from ISO27001 to HIPAA).
Your data will never leave the US. Not in the US? We partner with iubenda to comply with all GDPR requirements.
Credit card and payment information is not stored on our servers. All payments made to TeamFlow® go through our payments partner, Stripe (which is PCI compliant).
We currently support SSO with multiple identity providers through our authentication partner, Auth0 (OIDC/OAuth 2.0, SAML 2.0, etc.).
Users are required to validate their accounts via an automated e-mail with a verification link.
Our cloud provider is Google Cloud. We leverage cloud native tools to manage firewall rules, threat detection and DMZ enforcement.
We leverage cloud native tools that manage patching on our virtual machine clusters on a routine basis.
We capture logs, events, and metrics through our partner Sentry. For security vulnerability scanning, we use HostedScan for 24x7 alerts and detection. We also leverage native monitoring tools through our cloud partner.
We log every action performed in the system.
We use TeamFlow® (yes, we use our own product ☺) to document our Disaster Recovery and Business Continuity plans. We perform routine exercises of these procedures which guarantee uptime and system availability.
Periodic independent third party penetration tests are performed.
Security and confidentiality incidents submitted to support@teamflow.com or our in-app support chat will be resolved in accordance with established incident policy.
We use StatusPage.io to keep everyone up to date. This service offers several ways to subscribe to notifications. Additionally, we use our partner Elastic Cloud to monitor service uptime.
We use formal software development lifecycle methodology and best practices in change management procedures. All releases are versioned using Semantic Versioning. Latest updates and release history can be found here.
Monthly risk assessments are performed to ensure the applications are secure and adhering to best practices.
We carefully review our vendors and partners to ensure adherence to our security and compliance requirements.
We keep our list of data subprocessors as up-to-date as possible. Please review our list of data subprocessors here.
An individual's level of access is determined by their job role. We practice a policy of least privilege access. We perform regular logical access reviews and remove access immediately if it's no longer required.
TeamFlow® uses Google Cloud Shell for activities that require sensitive privileged access. This is additionally secured with Cloud Identity and Access Management (IAM).
MFA is enforced for every individual with logical access and required on every third party service that touches our environment.
Our personnel's devices are registered with our asset inventory and secured with antivirus software, device blocking and security patches.
We perform background checks and require confidentiality agreements with all of our personnel. Additionally, we require yearly Security Awareness Training (SAT) certification.
We're happy to help or listen to any other questions / feedback you may have to give you the best possible experience.
Contact Us
With over 30 years of modeling and analyzing workflows for organizations across the world, start today to see how TeamFlow® can help you.