Security & Trust

Built for businesses that can't afford to get this wrong.

Enterprise-grade security, transparent data practices, and a compliance roadmap built around regulated industries. Everything you need to evaluate EmpireFlow for Tier 3 and Tier 4 deployment.

🔒 TLS 1.3 in Transit
🛡️ AES-256 at Rest
📋 SOC 2 In Progress
GDPR Compliant
CCPA Compliant
🏥 HIPAA-Eligible Arch

Infrastructure & Encryption

EmpireFlow runs on infrastructure providers with independent SOC 2 Type II certifications. We inherit their controls and add our own application-layer hardening on top.

Infrastructure

Hosted on Render (SOC 2 Type II) with Neon PostgreSQL (SOC 2 Type II) for the database layer. Static assets and file storage via Cloudflare R2. All providers carry independent audit reports available on request.

Encryption

TLS 1.3 enforced on all connections — no fallback to older protocols. Data at rest encrypted with AES-256-GCM. OAuth tokens additionally encrypted at the application layer before storage.

Authentication

Scoped API keys that follow the principle of least privilege. OAuth 2.0 for third-party integrations. Optional SSO (SAML 2.0) for Enterprise tier deployments. JWT sessions with server-side invalidation on logout.

Secrets Management

All credentials managed through environment isolation — no plaintext storage, no secrets in source control. Sandbox AI execution environments enforce allowlist-only env construction. Production credentials cannot be accessed by agent processes.

Your Data Stays Yours

We collect what we need to run the product. We don't sell it, share it beyond your instruction, or use it to train models.

GDPR Compliance

EU customer data processed under lawful basis. Data Processing Agreement (DPA) available on request for Enterprise accounts. Right to access, rectification, and erasure honored within 30 days.

CCPA Compliance

California residents can request data disclosure, opt out of sale (we don't sell data), and request deletion. Consumer rights requests handled within 45 days. Contact: security@empireflow.ai

No AI Training on Your Data

Customer data and conversation history are never used to train models — ours or any sub-processor's. OpenAI API is called with zero-retention configured. Your leads' data doesn't improve anyone else's product.

Data Residency

US data residency by default. EU data residency available on Enterprise tier (Empire Flow). Data residency options ensure your customer PII stays within required jurisdictions for compliance.

Where We Are and Where We're Headed

Compliance is a journey, not a checkbox. Here's our honest current state and target timeline.

In Progress

SOC 2 Type II — Target Q3 2026

Formal audit underway. Security controls mapped against Trust Services Criteria. Report will be available to Enterprise customers under NDA upon completion.

Enterprise

HIPAA-Eligible Architecture

Designed for med spa and healthcare verticals on Enterprise tier. BAA (Business Associate Agreement) available for eligible customers. Data isolation, audit logging, and access controls meet HIPAA technical safeguard requirements.

Done

PCI DSS — Handled by Stripe

We never touch, store, or transmit card data. All payment processing is handled exclusively by Stripe, a Level 1 PCI DSS certified provider. No cardholder data ever passes through EmpireFlow systems.

Done

GDPR & CCPA Compliance

Data processing practices aligned with GDPR Article 6 lawful basis and CCPA requirements. DPA template available. Consent management, right-to-erasure flows, and sub-processor agreements in place.

Who We Share Data With and Why

Complete list of third-party services that process customer data on our behalf. Last updated May 2026.

Vendor | Category | Purpose & Data Processed
Stripe | Payments | Subscription billing and payment processing. Stripe handles all cardholder data — we receive only tokenized payment methods. PCI Level 1 certified.
Postmark | Email | Transactional and drip email delivery (audit results, onboarding sequences, nurture emails). Recipient email addresses and message content transmitted. SOC 2 Type II certified.
Twilio | SMS / Voice | Missed-call text-back automation and SMS follow-up sequences. Phone numbers and message content processed. ISO 27001 + SOC 2 certified.
OpenAI | AI Inference | AI Employee conversation processing (chat, receptionist, SDR workflows). Called with zero-retention API — data is not used for training or stored beyond request duration. Enterprise API agreement in place.
Neon | Database | Primary database hosting for all customer and lead data. US-East region by default. SOC 2 Type II certified. Encryption at rest and in transit enforced.
Render | Hosting | Web application hosting and runtime environment. Processes all inbound traffic and runs application logic. SOC 2 Type II certified. US region by default.
Cloudflare | CDN / Storage | Static asset delivery via CDN and file storage (R2). No customer PII stored — handles public assets and uploaded media only. SOC 2 Type II certified.

99.9% Uptime Target

EmpireFlow is a production business tool. Downtime costs you leads. Here's how we think about availability.

Target SLA

99.9% monthly uptime target across web application and API. Planned maintenance windows communicated 48 hours in advance via email.

Zero-Downtime Deploys

Rolling deployments with zero-downtime cutover — no maintenance windows for standard releases. Database migrations run before code cuts over.

Database Backups

Daily automated backups with point-in-time recovery. 30-day retention. Backup restoration tested quarterly. Recovery time objective (RTO) under 4 hours.

When Something Goes Wrong

Security incidents happen. What matters is how fast you know and how quickly they're resolved.

Acknowledgment SLA (24h). All security@ reports acknowledged within 24 hours. Critical severity within 4 hours.
Customer Notification (72h). Affected customers notified within 72 hours of confirmed breach — meeting GDPR Article 33 requirements.
Post-Incident Report (7d). Full post-incident report delivered to Enterprise customers within 7 days of resolution.
Report a security issue: Email security@empireflow.ai — please include a description, reproduction steps, and any evidence. We do not have a public bug bounty program but we respond to every responsible disclosure.

Guardrails on Every AI Employee

AI Employees interact with your customers. We've built safety layers that keep them on-script, on-brand, and within appropriate boundaries.

🚫 No financial commitments. AI Employees are instructed to refuse to make price guarantees, contractual commitments, or financial representations on your behalf. Anything that could bind your business escalates to a human.
🔼 Escalation triggers. Defined escalation thresholds — legal questions, medical advice, urgent safety concerns, negative reviews above threshold — automatically surface to your inbox for human review before response.
📝 Full conversation logging. Every AI conversation is logged with timestamp, session ID, and outcome. Accessible from your Command Center dashboard. Retained for 90 days (Enterprise: configurable).
👤 Human-in-the-loop on Enterprise. Empire Flow (Tier 4) includes a human review queue for flagged interactions. AI drafts the response — your team approves before send. Available for SMS, email, and chat channels.
🧱 Prompt injection protection. User inputs are sanitized and bounded by system-level context windows. Adversarial attempts to override AI instructions are blocked at the prompt construction layer.
🔍 Bias and quality monitoring. Response quality scoring on outbound messages. Anomaly detection flags unusual response patterns for human review. Monthly automated audit of sample conversation transcripts.

Enterprise Security Questions

Customer and lead data is stored in Neon PostgreSQL, hosted in the US-East region by default. Enterprise (Empire Flow) customers can request EU data residency. All data is encrypted at rest with AES-256 and in transit with TLS 1.3.
Yes. Full data exports (leads, conversations, analytics, customers) are available on request for all paid tiers. Enterprise customers have access to bulk export via the Command Center dashboard. Data is exported in JSON or CSV format. Exports are processed within 48 hours.
You retain access to export your data for 30 days after cancellation. After 30 days, customer-identifiable data is deleted from live systems. Anonymized aggregate analytics may be retained for product improvement. Backups cycle out within 90 days of deletion.
Only integrations you explicitly configure and authorize. AI Employees operate on data you've imported or that flows through EmpireFlow channels (chat, SMS, email). No read access to third-party systems without a configured, scoped API integration. Enterprise integrations are reviewed during onboarding.
Yes, on the Enterprise tier (Empire Flow). We support SAML 2.0 SSO for identity providers including Okta, Azure AD, Google Workspace, and OneLogin. SSO setup is handled during Enterprise onboarding with dedicated support.
HIPAA-eligible architecture is available on the Enterprise tier (Empire Flow). We can execute a Business Associate Agreement (BAA) for covered entities in healthcare and related verticals (med spas, healthcare practices, wellness businesses). Contact security@empireflow.ai to begin the BAA process before starting a trial if you have PHI requirements.
Yes. A standard DPA is available for any paid customer processing EU personal data. Email security@empireflow.ai with your company name and we'll send the agreement within 2 business days. Custom DPA terms are available for Enterprise accounts.
PII shared in conversations (names, phone numbers, email addresses) is stored in your account database and attributed to leads. It is never shared with third parties beyond the sub-processors listed above. OpenAI processes conversation content with zero-retention — no data is stored after inference completes. You can request PII deletion for any individual lead via the Command Center or security@empireflow.ai.

Need a custom security review?

Enterprise evaluations include a security questionnaire walkthrough, architecture review, and access to compliance documentation under NDA.