Security

Vercel Hosting: Our application is hosted on Vercel's enterprise-grade infrastructure with automatic DDoS protection and edge caching.

Supabase Database: Our database is hosted on Supabase with row-level security, automatic backups, and encryption at rest.

Isolated Environments: Production, staging, and development environments are completely isolated.

OAuth 2.0 Only: We authenticate using Salesforce's OAuth 2.0 flow. We never ask for or store your Salesforce password.

Limited Scopes: We request only the minimum permissions needed to read flow metadata. We do not access your Salesforce data records.

Revocable Access: You can revoke FlowDocs' access to your Salesforce org at any time from Salesforce Setup or your FlowDocs account.

Metadata Only: We only store flow definitions and metadata. We do not access or store your actual Salesforce records (Accounts, Contacts, etc.).

Data Retention: When you delete your account or disconnect an org, we delete all associated data within 30 days.

No Data Selling: We never sell your data to third parties. See our Privacy Policy for details.

Secure Authentication: User authentication is handled through Supabase Auth with secure password hashing and optional SSO.

Row-Level Security: Database access is controlled at the row level, ensuring users can only access their own data.

Regular Updates: We regularly update dependencies and apply security patches promptly.