Security

Our Commitment to Security

At ekflow, security is foundational to everything we build. GuIA handles sensitive enterprise data from ERP systems, and we take this responsibility seriously. Our security program is designed to protect your data at every layer.

Infrastructure Security

Cloud Infrastructure

• Hosting: We use Vercel for application hosting and Supabase for data storage, both SOC 2 Type II certified providers.
• Geographic Distribution: Services are deployed across multiple availability zones for redundancy and low latency.
• DDoS Protection: Automatic protection against distributed denial-of-service attacks.
• CDN: Static assets are served through a global CDN with edge caching.

Network Security

• TLS 1.3: All traffic is encrypted in transit using TLS 1.3.
• HSTS: HTTP Strict Transport Security is enforced on all domains.
• Firewall: Web Application Firewall (WAF) protects against common attacks (SQL injection, XSS, etc.).
• Rate Limiting: API endpoints are protected against abuse with intelligent rate limiting.

Data Security

Encryption

• In Transit: All data transmitted between clients and servers is encrypted using TLS 1.3.
• At Rest: All stored data is encrypted using AES-256 encryption.
• API Keys: Third-party API keys are encrypted using envelope encryption with regularly rotated keys.
• Backups: Database backups are encrypted and stored in separate geographic regions.

Multi-Tenant Isolation

• Row Level Security (RLS): Database-level policies ensure organizations can only access their own data.
• Logical Isolation: Each organization's data is logically separated using tenant identifiers.
• Cross-Tenant Testing: Automated tests verify isolation between tenants.

Data Handling

• PII Detection: Automatic detection and redaction of personally identifiable information in screenshots.
• Data Minimization: We collect only the minimum data necessary to provide the service.
• Retention Policies: Configurable data retention with automatic purging of expired data.

Application Security

Secure Development

• Security Reviews: All code changes undergo security review before deployment.
• Static Analysis: Automated scanning for vulnerabilities in code and dependencies.
• Dependency Management: Continuous monitoring and automatic updates for security patches.
• OWASP Top 10: Development practices address the OWASP Top 10 security risks.

Authentication & Authorization

• Password Security: Passwords are hashed using bcrypt with appropriate cost factors.
• Session Management: Secure, HTTP-only cookies with appropriate expiration.
• SSO/SAML: Enterprise single sign-on support for centralized identity management.
• Role-Based Access: Granular permissions system for controlling user access.
• MFA: Multi-factor authentication available for enhanced account security.

Chrome Extension Security

• Minimal Permissions: We request only the permissions strictly necessary for functionality.
• Content Script Isolation: Extension code is isolated from page content.
• Host Restrictions: Extension only activates on authorized ERP domains.
• Code Integrity: Extension code is verified through Chrome Web Store's review process.

AI Security

Data Processing

• No Training on Your Data: Your conversations are NOT used to train AI models.
• Provider Selection: We use enterprise-grade AI providers (Anthropic, OpenAI) with strong privacy commitments.
• Prompt Security: Input validation prevents prompt injection attacks.

Output Safety

• Content Filtering: AI responses are filtered for harmful or inappropriate content.
• Context Boundaries: AI access is limited to your organization's knowledge base.

Operational Security

Access Control

• Principle of Least Privilege: Employee access is limited to what's necessary for their role.
• Background Checks: Security-sensitive roles require background verification.
• Access Logging: All administrative access is logged and audited.

Monitoring & Response

• 24/7 Monitoring: Automated monitoring for security anomalies and system health.
• Incident Response: Documented incident response procedures with defined escalation paths.
• Security Logging: Comprehensive logging for forensic analysis and compliance.

Compliance

Standards & Certifications

• SOC 2 Type II: Our infrastructure providers maintain SOC 2 Type II certification.
• GDPR: We comply with the EU General Data Protection Regulation.
• CCPA: We comply with the California Consumer Privacy Act.

Data Residency

By default, data is stored in US regions. Enterprise customers can request specific geographic data residency (EU, APAC) where available.

Business Continuity

Availability

• Uptime Target: 99.9% availability for Enterprise plans.
• Redundancy: Multi-zone deployment for high availability.
• Failover: Automatic failover procedures for critical components.

Disaster Recovery

• Automated Backups: Daily automated backups with point-in-time recovery capability.
• Geographic Redundancy: Backups stored in multiple geographic regions.
• Recovery Testing: Regular testing of backup and recovery procedures.

Vulnerability Disclosure

We welcome responsible security research. If you discover a potential security vulnerability, please report it to security@ekflows.com.

What to Include

• Detailed description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any proof-of-concept code (if applicable)

Our Commitment

• Acknowledge receipt within 24 hours
• Provide regular updates on remediation progress
• Credit researchers in our security acknowledgments (if desired)
• Not take legal action against good-faith security researchers

Security Resources

• Privacy Policy: ekflows.com/privacy
• Terms of Service: ekflows.com/terms
• Security Inquiries: security@ekflows.com
• Support: ekflows.com/support

Contact

For security questions or concerns, please contact our security team:

• Email: security@ekflows.com