The FloSynq cloud runs on Render, which maintains SOC 2 Type II attestation and related certifications. Every service is served over managed TLS, and the platform database is backed up daily.
For organisations whose policies require everything inside their own perimeter, the fully installed deployment model runs the entire platform on your infrastructure, inheriting your existing controls. Either way, your security review is satisfied.
These are the controls your security questionnaire will ask about, and how FloSynq answers them.
Sign-in is handled by Clerk with support for SSO, multi-factor authentication and enterprise session policies. No home-grown auth, no password databases to defend.
Connection credentials are encrypted with AES-256-GCM using per-tenant derived keys. Your ERP and API secrets are never stored in plain text and never shared across tenants.
Multi-tenancy is enforced in the database itself with PostgreSQL row-level security policies, not just application code. Every query is tenant-scoped by design.
Every workflow run, step execution, file movement and API call is recorded with timestamps, inputs and outcomes, ready for internal audit and regulatory review.
Retries with exponential backoff, dead-letter queues for persistent failures, and health checks on every connector. Failures alert people instead of disappearing.
In the hybrid deployment model, business payloads are processed inside your network. Where policy requires, cloud logging can be restricted to metadata only.
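A sketch of the database-enforced tenant isolation described above, as an added example rather than FloSynq's own schema. The table, role and `app.tenant_id` setting names are hypothetical, the tenant ids are constructed, and the script assumes a scratch PostgreSQL database and a superuser session.

```sql
-- Added illustration. Table, role and setting names are hypothetical;
-- the tenant ids are constructed sample values.
CREATE TABLE connections (
    tenant_id uuid NOT NULL,
    name      text NOT NULL,
    PRIMARY KEY (tenant_id, name)
);

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who is otherwise exempt. Superusers and BYPASSRLS roles always bypass RLS.
ALTER TABLE connections ENABLE ROW LEVEL SECURITY;
ALTER TABLE connections FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement can see; WITH CHECK rejects rows written
-- for another tenant. An unset or empty setting becomes NULL, so the
-- comparison is never true and the policy fails closed.
CREATE POLICY tenant_isolation ON connections
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that cannot bypass the policy.
CREATE ROLE app_user NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON connections TO app_user;
SET ROLE app_user;

-- Each request pins its tenant for the length of one transaction
-- (third argument true = local to the transaction, like SET LOCAL).
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO connections VALUES ('11111111-1111-1111-1111-111111111111', 'erp-prod');
COMMIT;

BEGIN;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
INSERT INTO connections VALUES ('22222222-2222-2222-2222-222222222222', 'sftp-inbound');
SELECT name FROM connections;  -- no WHERE clause; the policy scopes it to this tenant
COMMIT;

-- A write aimed at another tenant violates WITH CHECK and is rejected.
BEGIN;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
INSERT INTO connections VALUES ('11111111-1111-1111-1111-111111111111', 'planted');
ROLLBACK;

RESET ROLE;
```

Setting the tenant per transaction rather than per session matters when a connection pooler hands the same session to requests from different tenants.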
Many of our clients operate under frameworks such as DORA and GDPR, with records of processing (RoPA), security questionnaires and vendor due diligence as standard parts of procurement. We support those processes directly: completing questionnaires, agreeing contract schedules, and accommodating audit rights where required.
Where data residency rules constrain where orchestration metadata may live, the deployment model flexes to match: hybrid with minimal cloud data, or fully installed with nothing outside your perimeter.