Security and Privacy

At HelloFlow, we deliver critical services to our customers. These trusted services are delivered in line with regulatory and best practice requirements.

How we do it?

We help you gather and manage your customer data, thus we do what it takes to handle it in the most robust and secure manner possible.

As a company providing global services, HelloFlow aims to comply with the highest international standards for data protection. We ensure that all data is encrypted. Our aim is to provide equivalent security throughout the processing and transferring of data across borders.

Our security and privacy frameworks are based on and aligned with GDPR standards.

Availability

Our backup and replication program ensures data availability across primary and secondary systems. The Disaster Recovery program ensures that services remain available or are recoverable in case of disaster.

Data encryption

All web traffic through Persona is encrypted via HTTPS and TLS 1.2. Data in the database is encrypted using AES-256 encryption. Decryption keys are stored on separate hosts and rotated on a regular basis.

Secure development

We implement coding best practices focused on the OWASP Top Ten. Development, testing, and production environments are separated. All code changes are peer reviewed and tested prior to deployment into production.

Policies & training

A comprehensive set of security policies and trainings are made available and shared with all personnel with access to Persona systems.

Third party audits

In addition to our extensive internal scanning and testing program, we employ third-party security experts to perform penetration tests.

Internal controls

All employees undergo background checks and are subject to ongoing background checks throughout their employment.

Privacy by design

Your data is yours to own. We never sell user data and provide you secure methods to delete it in accordance with privacy regulations.

Privacy impact assessments

We continuously evaluate the impact of our activities on data privacy to ensure that we collect the minimum data needed and improve our practices.