Security & Compliance

Your data security is our top priority

We've built EngageFlow with security and privacy at its core — not as an afterthought.

  • 🔒 GDPR: Full EU compliance
  • 🛡️ TLS 1.3: Encrypted in transit
  • 🔐 AES-256: Encrypted at rest
  • ☁️ Google Cloud: SOC 2 certified infra

Data Handling

How we handle your data

What We Process

EngageFlow processes message content solely to generate AI response suggestions. This includes analyzing conversation history, detecting language and sentiment, and generating contextual draft replies. Processing happens in real time and is not stored beyond the active session.

What We Don't Do

  • Never sell your data to third parties
  • Never use data to train models for other customers
  • Never store credentials or passwords
  • Never access accounts without explicit authorization

Data Retention

Config data is retained during your subscription. AI drafts are ephemeral. Analytics are aggregated and anonymized. Request full deletion anytime at hello@engageflow.tech.

Infrastructure

Enterprise-grade cloud architecture

Cloud Provider

Our backend runs on Google Cloud Platform — Cloud Run for compute, Supabase (managed PostgreSQL) for data storage. GCP holds SOC 2 Type II, ISO 27001, and ISO 27018 certifications.

Network Security

  • TLS 1.3 for all API communication
  • Rate limiting on all API endpoints
  • Server-side request validation and signature verification
  • Hardware-bound license authentication (HWID)

AI Model Security

Our AI runs on Google Vertex AI with dedicated endpoints and context caching. No customer data is used to fine-tune base models — we use Google's foundation models with per-customer prompting.

GDPR

Your rights under GDPR

  • Right of Access — Request a copy of your personal data
  • Right to Erasure — Request deletion ("right to be forgotten")
  • Right to Portability — Export in machine-readable format
  • Right to Restrict — Limit how we use your data
  • Right to Object — Object to processing

Data Processing Agreement

Enterprise customers can request a custom DPA. Contact hello@engageflow.tech.

Responsible AI

Our approach to ethical AI

Human-in-the-Loop

Every AI response requires human approval before sending. Our Quality Gate ensures no message reaches your audience without authorization.

Bias & Transparency

We monitor outputs for bias, toxicity, and hallucination. Confidence scores flag low-quality suggestions for mandatory review. We do not support deceiving users about AI-generated content.

Have security questions?

We can provide custom DPAs and compliance documentation for enterprise customers.