GoodFlow’s Statement on Security

Introduction

We use GoodFlow every day to keep our team organized, connected, and focused on results. Ensuring our platform remains secure is vital to protecting our own data, and protecting your information is our highest priority.

Our security strategy covers all aspects of our business, including:

  • GoodFlow corporate security policies
  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of our system architecture
  • Data model access control in GoodFlow
  • Systems development and maintenance
  • Service development and maintenance
  • Regularly working with third party security experts

GoodFlow Corporate Security Policies & Procedures

Every GoodFlow employee is expected to respect the terms of our data confidentiality policies, available at  goodflow.io/privacy. Access rights are based on an employee’s job functions and roles.

Security in our Software Development Lifecycle

GoodFlow uses the git revision control system. Changes to GoodFlow’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server where our team is able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features.

GoodFlow Architecture & Scalability

Scalability/Reliability of Architecture

GoodFlow uses Amazon Web Services and Google Oauth to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a regional Amazon failure.

We currently host data in secure data centers of AWS via MongoDB Atlas.

Encrypted Transactions

Web connections to the GoodFlow service are via TLS 1.2 and above.

Information Security

Security Consulting and Application Review

We have a responsible disclosure policy that allows security researchers to report vulnerabilities in our application.

Data Center Security

Amazon

Amazon employs a robust physical security program. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.

Product Features

Administrator Management Features

Authentication – We use Google OAuth APIs to perform a Single Sign-On through Google while doing so we ensure that the email provided by the Google Auth server is a valid user of the GoodFlow system.

User Features

Privacy, Visibility, & Sharing Settings – Customers determine who can access different categories of data like workflows, performs, and respective data.

Privacy

Privacy Policy

GoodFlow’s privacy policy, which describes how we handle data input into GoodFlow, can be found at goodflow.io/privacy

Availability

We are committed to making GoodFlow consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Want to report a security concern?

Email us at security@goodflow.io

Copyright 2020-2024 Appradius Technologies. All rights reserved A Product by Appradius

Become a Sales Partner