Enterprise-grade security

Security at FiveFlow

Your data security is our top priority. We implement industry-leading security measures to protect your business and customer information.

Australian Privacy Act
Google Cloud Infrastructure
Stripe PCI DSS
TLS 1.3 Encryption

How We Protect Your Data

Multiple layers of security at every level

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Infrastructure

Hosted on Google Cloud Platform with SOC 2 Type II and ISO 27001 certifications.

Access Control

Role-based access control (RBAC) with mandatory multi-factor authentication for all staff.

Monitoring

24/7 security monitoring, intrusion detection, and automated threat response.

Backups

Automated daily backups with point-in-time recovery. Backups are encrypted and geo-redundant.

Incident Response

Documented incident response procedures with 1-hour response SLA for critical issues.

Compliance & Certifications

Meeting the highest industry standards

Australian Privacy Act

Compliant

Full compliance with Australian Privacy Principles (APPs)

Google API Policy

Compliant

Adherent to Google API Services User Data Policy

PCI DSS

Via Stripe

Payment processing handled by Stripe (PCI Level 1 certified)

Infrastructure Security

Google Cloud

Built on Google Cloud Platform (SOC 2, ISO 27001 certified)

GDPR

Ready

Data protection measures aligned with EU requirements

Data Encryption

Active

AES-256 at rest, TLS 1.3 in transit

Security Practices

Secure Development

  • Code reviews required for all changes
  • Automated security scanning in CI/CD
  • Dependency vulnerability monitoring
  • Regular penetration testing

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Principle of least privilege
  • Secure workstation policies

Data Protection

  • Data classification and handling policies
  • Encryption key management
  • Secure data deletion procedures
  • Regular access audits

Data Retention

We only keep your data as long as necessary

Data Type: Retention Period

  • Account Information: Until account deletion + 30 days
  • Customer Data: Until you delete it or close account
  • Google Review Data: Synced from Google, deleted on disconnect
  • SMS/Email Logs: 90 days
  • Usage Analytics: 12 months (anonymized after)
  • Payment Records: 7 years (legal requirement)

Breach Notification

Our commitment to transparency in the unlikely event of a security incident

In the unlikely event of a data breach:

1. Immediate Containment

We take immediate steps to contain and remediate the breach

2. 72-Hour Notification

Affected users notified within 72 hours of discovery

3. Regulatory Reporting

Report to OAIC (Office of the Australian Information Commissioner) as required

4. Clear Communication

Provide details on what data was affected and recommended actions

Responsible Disclosure Program

We welcome security researchers to report vulnerabilities responsibly. Valid reports are eligible for rewards up to $5,000.

Report a Vulnerability

security@fiveflow.com.au

Questions About Security?

Our security team is happy to answer questions and provide additional documentation.

Contact Security Team