Security Overview
Last updated: October 21, 2025
ContextFlo is designed so customer data remains in the customer’s environment. We orchestrate queries and metrics in your warehouse and retain only the minimum information required to operate the service—protected by strong encryption, OAuth-based authentication, and disciplined operational controls.
At a Glance
- Customer data minimized: Compute runs in your warehouse; we retain only derived results and metadata needed to operate ContextFlo.
- Credentials encrypted at rest: Warehouse credentials and OAuth tokens are encrypted with AES-256-GCM at the application layer before database storage.
- Modern authentication: Sign-in via OAuth with trusted identity providers; ContextFlo never handles your password.
- HTTPS everywhere: All traffic to ContextFlo services is served over HTTPS through our managed hosting platform.
- Least privilege: Role-based access, restricted operator access, and centralized audit logging.
Data Model & Protection
- Customer data stays in your environment. ContextFlo connects to your warehouse and executes work there. We only persist derived outputs and operational metadata required to run the product.
- What we store: connection secrets needed to reach your systems (warehouse credentials, OAuth refresh tokens); configuration and metadata (integration settings, derived metric definitions, run status); and operational telemetry (service logs and health metrics) with sensitive fields redacted.
- Encryption at rest: All stored credentials and tokens are encrypted with AES-256-GCM at the application layer before they reach the database. Each record gets its own randomly generated nonce (IV), since GCM's guarantees collapse if a nonce is ever reused under the same key, and each ciphertext is stored together with the version of the key that produced it so records can be re-encrypted under a newer key. Backups copy the encrypted rows as-is, so they contain ciphertext, not secrets.
- Encryption in transit: All communication between browsers, APIs, and services is over HTTPS, enforced by our managed hosting platform.
- Key management: Encryption keys are generated and stored within restricted infrastructure, accessible only to a small set of trusted operators. Keys are rotated manually on a defined schedule and on incident.
Authentication & Access Controls
- OAuth-based authentication: Users sign in through OAuth with supported identity providers. Password entry happens at the provider, so ContextFlo never receives, stores, or transmits passwords.
- Session security: Sessions are held server-side and referenced by an HTTP-only cookie, so the session identifier is not readable by scripts running in the page. Sensitive actions may require re-authentication.
- Authorization: Every request is checked against the caller's role within their organization. Sensitive endpoints (e.g., credential management) additionally verify that the target resource belongs to an organization the caller is a member of, and write an audit record for the decision.
- Production access: Limited to named engineers using hardware-backed MFA; all access is logged centrally.
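To make the authorization point concrete, here is an added example (not ContextFlo's code) of a credential-management lookup written twice: once trusting the id in the request, which lets any signed-in user read any organization's row, and once validating the caller's membership and role in the organization that owns the record and auditing the decision. The store shape, role names, session shape, and ids are assumptions.

```javascript
// Added example, not ContextFlo's own code. An insecure credential lookup
// (trusts the id in the request) beside one that validates org membership and
// role against the record's owning org and audits every decision.
// Store shape, role names and ids are assumptions.
const credentials = new Map([ // constructed sample rows: id -> record
  ['cred_1', { id: 'cred_1', orgId: 'org_a', name: 'warehouse-prod' }],
  ['cred_2', { id: 'cred_2', orgId: 'org_b', name: 'warehouse-dev' }],
]);
const memberships = new Map([ // constructed: userId -> { orgId: role }
  ['user_alice', { org_a: 'admin' }],
  ['user_bob', { org_b: 'viewer' }],
]);
const ROLE_RANK = { viewer: 1, admin: 2 };
const auditLog = [];

// INSECURE: any authenticated user can read any organization's credential.
function getCredentialInsecure(session, credentialId) {
  return credentials.get(credentialId) ?? null;
}

// Hardened: the org is taken from the stored record, never from the request,
// and the caller must hold a sufficient role in that org.
function authorize(session, credentialId, requiredRole) {
  const record = credentials.get(credentialId);
  // Missing rows and rows owned by another org both answer 404, so the
  // endpoint does not reveal which ids exist.
  if (!record) return { ok: false, status: 404 };
  const role = memberships.get(session.userId)?.[record.orgId];
  const allowed = role !== undefined && ROLE_RANK[role] >= ROLE_RANK[requiredRole];
  auditLog.push({ userId: session.userId, credentialId, orgId: record.orgId, requiredRole, allowed });
  return allowed ? { ok: true, status: 200, record } : { ok: false, status: 404 };
}

function getCredential(session, credentialId) {
  return authorize(session, credentialId, 'viewer');
}

// Destructive action: requires the admin role on top of membership.
function deleteCredential(session, credentialId) {
  const decision = authorize(session, credentialId, 'admin');
  if (decision.ok) credentials.delete(credentialId);
  return decision;
}

// Demo: bob (viewer in org_b) asks for org_a's credential.
console.log(getCredentialInsecure({ userId: 'user_bob' }, 'cred_1')); // leaks the row
console.log(getCredential({ userId: 'user_bob' }, 'cred_1'));         // { ok: false, status: 404 }
```

The important detail is where the organization comes from: the hardened path derives it from the record being acted on and then asks whether the caller belongs to that organization, rather than trusting an org id supplied by the client.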
Monitoring & Secure Operations
- Logging & alerts: Application and infrastructure logs stream to a central platform with detections for auth anomalies, webhook signature failures, and unusual error rates. Secrets (tokens, passwords) are redacted before ingestion.
- Release hygiene: Dependency scanning, automated tests, and code review precede releases; security fixes are prioritized by severity.
- Platform health: Uptime, job execution, and background tasks are continuously monitored with on-call paging for prolonged failures.
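The redaction step mentioned under logging is the kind of thing that is easy to get partially right, so here is an added example (not ContextFlo's code) of a redactor applied to a structured log event before shipping: it blanks sensitive field names anywhere in the object tree, strips bearer tokens from free-text messages and header values, and masks token-bearing query parameters in URLs. The field-name list and the sample event are constructed assumptions.

```javascript
// Added example, not ContextFlo's own code. Redacts secrets from a structured
// log event before it is shipped: sensitive field names anywhere in the tree,
// bearer tokens in free text, and token-bearing query parameters in URLs.
// The field-name list and sample event are assumptions.
const SENSITIVE_KEY = /^(password|passwd|secret|client_secret|token|access_token|refresh_token|id_token|authorization|api[_-]?key|private_key|cookie)$/i;
const BEARER_IN_TEXT = /\bBearer\s+[A-Za-z0-9._~+\/=-]+/g;
const TOKEN_QUERY_PARAM = /([?&](?:token|access_token|refresh_token|code|api_key)=)[^&\s]+/gi;
const REDACTED = '[REDACTED]';

function redactString(s) {
  return s
    .replace(BEARER_IN_TEXT, `Bearer ${REDACTED}`)
    .replace(TOKEN_QUERY_PARAM, `$1${REDACTED}`);
}

// Returns a redacted copy; the original event is left untouched.
function redactEvent(value) {
  if (typeof value === 'string') return redactString(value);
  if (Array.isArray(value)) return value.map(redactEvent);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key) ? REDACTED : redactEvent(child);
    }
    return out;
  }
  return value; // numbers, booleans, null, undefined pass through
}

// Constructed sample event of the kind an integration handler might emit.
const sampleEvent = {
  level: 'error',
  msg: 'warehouse connect failed; retried with header Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def',
  url: 'https://wh.example.internal/oauth/callback?code=4/0AbCdEf&state=xyz',
  connection: { host: 'wh.example.internal', user: 'svc_contextflo', password: 'hunter2' },
  oauth: { refresh_token: 'rt-1234', expires_in: 3600 },
  headers: [
    { name: 'x-request-id', value: 'req-1' },
    { name: 'Authorization', value: 'Bearer abc.def' },
  ],
};
const safeEvent = redactEvent(sampleEvent);
console.log(JSON.stringify(safeEvent, null, 2));
```

Key-name matching alone misses secrets that arrive as string values (the Authorization header above is stored under the key `value`), which is why the string rules run on every leaf as well.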
Incident Response
We maintain an incident response plan that defines severity levels, containment steps, and customer communications. Confirmed incidents that affect stored credentials or metadata trigger prompt notification, remediation guidance, and a post-incident summary following containment. Drills occur at least annually and after major platform changes.
Vulnerability Management & Disclosure
- Continuous scanning: Automated dependency scanning (e.g., pnpm audit, Dependabot) runs continuously; critical findings are addressed promptly.
- External testing: Independent security testing is scheduled as the platform scales; findings are triaged and tracked through remediation.
- Responsible disclosure: Report suspected vulnerabilities to security@contextflo.com. We acknowledge within two business days and coordinate on validation and remediation.
Governance & Subprocessors
ContextFlo aligns its controls with recognized frameworks such as SOC 2 and ISO 27001 principles. Our Data Processing Agreement and Privacy Policy explain data handling, transfer mechanisms, and data-subject rights. We evaluate subprocessors for security posture and publish a current list at contextflo.com/legal/subprocessors. Customers are notified of material changes.
Customer Responsibilities
To get the most from our shared-responsibility model, customers should:
- Enforce least-privilege access within your organization, including the warehouse role you grant to ContextFlo, and rotate credentials regularly.
- Monitor your environment and warehouse activity for suspicious behavior.
- Connect only data that complies with your legal and contractual obligations.
- Notify security@contextflo.com immediately if you suspect a security issue.
Credentials & Token Practices (Summary)
- Stored: OAuth refresh tokens and required API/warehouse credentials—encrypted at rest; access tokens are short-lived and typically not persisted.
- Redaction: Secrets are excluded from logs and analytics.
- Rotation: Operators rotate encryption keys manually on a regular schedule and upon incident.
- Revocation: Customers can revoke an integration at any time. On disconnect, or on suspected compromise, ContextFlo immediately calls the provider's token revocation endpoint so the stored refresh token can no longer be exchanged for access tokens.