Security and Privacy at FlexDesk
Learn how we work to protect customer data with policies, controls, and monitoring, and how we prove our security and compliance to third-party auditors.
Security Principles
Principle of least privilege
Access is limited to only those with a legitimate business need and granted on a principle of least privilege.
Layered access control
Rule-based access controls for customers and internal employees, ensuring that data access is restricted to employees according to roles defined by customers.
Third-party controls
Verifying the security posture of existing and new vendors that FlexDesk works with to ensure compliance as controllers, processors, or sub-processors (including but not limited to signing DPAs where appropriate).
Continuous improvement
Monitoring and continuous effort to improve our security posture over time with a conscious effort to increase auditability of systems.
Data protection
Data in transit
FlexDesk uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server TLS keys and certificates are managed by our cloud providers.
Data at rest
All datastores with customer data, in addition to Google Cloud Storage (GCS) buckets, are encrypted at rest. Our datastores are also restricted to connections from within our VPC.
Compliance and Certifications
We strive to meet the highest level of security certification. We use Vanta to manage our compliance posture, in addition to third-party auditors who help check, verify, and certify our compliance setup.
Our SOC 2 Type 2 report can be made available upon request.