Security and Privacy at FlexDesk

Learn how we work to protect customer data with policies, controls, and monitoring, and how we prove our security and compliance to third-party auditors.

Security Principles

1. Principle of least privilege

Access is limited to only those with a legitimate business need and granted on a principle of least privilege.

2. Layered access control

Rule-based access controls for customers and internal employees ensure that data access is restricted to employees by roles defined by customers.

3. Third-party controls

Verifying the security posture of existing and new vendors that FlexDesk works with to ensure compliance as controllers, processors, or sub-processors (including but not limited to signing DPAs where appropriate).

4. Continuous improvement

Monitoring and continuous effort to improve our security posture over time, with a conscious aim to increase the auditability of our systems.

Data protection

Data in transit

FlexDesk uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server TLS keys and certificates are managed by our cloud providers.

Data at rest

All datastores with customer data, in addition to Google Cloud Storage (GCS) buckets, are encrypted at rest. Our datastores are also restricted to connections from within our VPC.

Compliance and Certifications

We strive to meet the highest level of security certification, using Vanta to manage our compliance posture in addition to third-party auditors who help check, verify, and certify our compliance setup.

AICPA SOC