Security policy

BetterFlow is built by BetterQA (Better Quality Assurance S.R.L.), a company with 8+ years of experience. According to a study by IBM, the average cost of a data breach reached $4.45 million in 2023. We protect your data through documented security standards and regular audits.

What security certifications does BetterFlow hold?

Our organization adheres to these standards and frameworks:

  • ISO 27001:2013 — Information Security Management
  • ISO 9001:2015 — Quality Management Systems
  • GDPR — General Data Protection Regulation

We maintain designated security officers and conduct regular security assessments. 100% of code changes undergo security-focused review.

How does BetterFlow control access?

Authentication

  • Strong password requirements (8+ characters, mixed case)
  • Separate portals for staff and clients
  • Automatic lockout after failed login attempts
  • Session timeout policies

Authorization

Role-based access control follows a strict hierarchy:

  • Super Admin — Full system access
  • Admin — Organization-level management
  • Employee — Standard user access
  • Client — Limited project-specific access

We follow least-privilege principles and conduct regular permission reviews.

How does BetterFlow protect data in transit and at rest?

Encryption

  • In transit: TLS 1.2+ for all data transmission
  • At rest: AES-256 encryption for databases

Data classification

Data is classified into these categories:

  • Public — Publicly available information
  • Internal — Business operational data
  • Confidential — Sensitive business information
  • Restricted — Highly sensitive personal data

Infrastructure security

  • Enterprise-grade firewall protection
  • Intrusion detection and prevention systems
  • DDoS mitigation services
  • Hardened server configurations
  • Automated security patching
  • Kubernetes container security

How does BetterFlow handle security incidents?

Audit logging

  • 30-day activity log retention
  • Tamper-proof storage
  • Comprehensive action tracking

Incident response

  • 24-hour initial response commitment
  • 72-hour GDPR breach notification compliance
  • Documented incident response procedures

Backup strategy

  • Daily automated backups
  • 30-day backup retention
  • Geographically distributed storage
  • 4-hour Recovery Time Objective (RTO)
  • 24-hour Recovery Point Objective (RPO)

Physical and third-party security

Data center security

  • Tier 3+ certified data centers
  • 24/7 physical security monitoring
  • Biometric access controls

Vendor management

  • Security assessments for all vendors
  • OAuth 2.0 integration controls
  • Data Processing Agreements in place

Security testing practices

As a product built by a QA company, BetterFlow undergoes rigorous testing. Our testing program includes:

  • Quarterly penetration testing by certified ethical hackers
  • Automated OWASP Top 10 vulnerability scanning
  • Static code analysis in the CI/CD pipeline
  • Dependency vulnerability monitoring with alerts
  • Annual third-party security audit and compliance review

100% of code changes undergo security-focused review. We respond to reported issues within 48 hours.

Employee security training

All BetterFlow team members complete mandatory training. Our program covers:

  • Annual security awareness training
  • OWASP secure coding training for developers
  • Quarterly phishing simulation exercises
  • Background checks for team members with data access
  • NDA and confidentiality agreements for all personnel

Contact information

Security incidents: [email protected]

Vulnerability disclosure: [email protected]

Phone: +40 751 289 399