Security First

Professional-grade security

Your data security is our top priority. We implement industry-leading security measures to protect your business and your customers' information. All data is hosted in Frankfurt, Germany within the European Union.

  • 99.9% Uptime SLA
  • <72h Breach Notification
  • AES-256 Encryption Standard
  • GDPR Compliance

Data protection

Encryption at Rest

AES-256

All data stored in our databases is encrypted using AES-256, the same standard used by banks and governments.

Encryption in Transit

TLS 1.3

All data transmitted between your browser and our servers is encrypted using TLS 1.3 with modern cipher suites.

OAuth 2.0 Authentication

OAuth 2.0

We use industry-standard OAuth 2.0 with Google, Facebook, and Apple for secure authentication. No passwords stored.

JWT Token Security

Rotating

Access tokens expire after 1 hour. Refresh tokens are rotated on each use and can be revoked instantly.

Infrastructure Security

ISO 27001

Hosted on Hetzner in Frankfurt, Germany with ISO 27001 certification, enterprise-level security, DDoS protection, and automatic failover.

Daily Backups

PITR

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in geographically separate locations.

Security practices

Security Monitoring

Real-time monitoring and alerting for suspicious activities, failed login attempts, and potential threats.

Regular Updates

Dependencies and systems are regularly updated to address security vulnerabilities and maintain best practices.

Access Controls

Role-based access control (RBAC) ensures team members only access data necessary for their role.

Security Audits

Regular security assessments and code reviews to identify and address potential vulnerabilities.

Compliance & certifications

GDPR Compliant

  • Data processing agreements
  • Right to access & deletion
  • Data portability
  • Breach notification

PCI DSS

  • Secure payment processing via iyzico
  • No card data stored
  • Tokenised transactions
  • Fraud protection

Incident response

Our commitment

In the unlikely event of a security incident affecting your data, we commit to:

  • Notifying affected users within 72 hours of discovery
  • Providing clear information about what data was affected
  • Taking immediate steps to contain and remediate the incident
  • Conducting thorough post-incident reviews

Report a vulnerability

We appreciate responsible disclosure. If you discover a security vulnerability, please report it to us at contact@clientflow.centre

We will acknowledge receipt within 24 hours and work with you to understand and address the issue promptly.
