TrustFlow

Security

Last updated: March 2026

Security is foundational to TrustFlow. We process sensitive transaction data on behalf of our customers and treat the protection of that data as a first-class engineering concern. This page summarizes the controls we have in place.

1. Encryption

  • In transit — All API traffic is served over TLS 1.2+ with modern cipher suites. HTTP requests are redirected to HTTPS and HSTS is enforced.
  • At rest — Database volumes are encrypted using AES-256 at the disk level by our infrastructure provider.
  • Secrets — API keys and webhook signing secrets are never stored in plaintext. We persist only the SHA-256 hash and show the secret to the user once at creation time.

2. Authentication & Authorization

  • Every API call requires a bearer API key (tf_live_…) scoped to a single tenant.
  • Tenants are fully isolated — data, configuration, rate limits, usage records and webhooks never cross tenant boundaries.
  • Production system access is restricted to authorized personnel and protected by hardware MFA.

3. Application Security

  • Input validation on all request bodies via strict Pydantic schemas.
  • Rate limiting per tenant and per IP to mitigate abuse and brute force.
  • Security headers enforced on every response: Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Content-Security-Policy.
  • Webhook deliveries are signed with HMAC-SHA256 using a per-endpoint secret so receivers can verify authenticity.
  • Optional Agent Identity Verification (Ed25519, JWS, HMAC) lets customers cryptographically bind requests to a registered agent.
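As an added example (not TrustFlow's own code or SDK), here is how a webhook receiver can verify an HMAC-SHA256 signature like the one described above. The header name, the hex encoding and the convention of signing the raw request body are assumptions, since this page does not specify the wire format:

```python
import hashlib
import hmac
import json

# Assumed header name and format (not specified on the TrustFlow page):
# the signature is hex(HMAC-SHA256(secret, raw_body)) sent in this header.
SIGNATURE_HEADER = "X-TrustFlow-Signature"


def sign_payload(secret: bytes, raw_body: bytes) -> str:
    """What a sender computes: HMAC-SHA256 over the exact bytes on the wire."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Receiver-side check. Recompute over the raw body (never over re-serialized
    JSON, since key order or whitespace changes would alter the digest) and compare
    in constant time so response timing cannot leak the expected MAC."""
    provided = headers.get(SIGNATURE_HEADER, "")
    if not provided:
        return False
    expected = sign_payload(secret, raw_body)
    return hmac.compare_digest(expected.encode(), provided.encode())


# Constructed sample delivery: a per-endpoint secret and a small event body.
ENDPOINT_SECRET = b"constructed-per-endpoint-secret-value"  # not a real secret
SAMPLE_BODY = json.dumps(
    {"event": "transaction.evaluated", "trace_id": "trace_0001", "decision": "allow"},
    separators=(",", ":"),
).encode()


def demo() -> dict:
    """Run the checks a receiver cares about and return each outcome."""
    good_headers = {SIGNATURE_HEADER: sign_payload(ENDPOINT_SECRET, SAMPLE_BODY)}
    tampered_body = SAMPLE_BODY.replace(b'"allow"', b'"deny"')
    wrong_secret = {SIGNATURE_HEADER: sign_payload(b"other-secret", SAMPLE_BODY)}
    return {
        "valid": verify_webhook(ENDPOINT_SECRET, SAMPLE_BODY, good_headers),
        "tampered_body": verify_webhook(ENDPOINT_SECRET, tampered_body, good_headers),
        "wrong_secret": verify_webhook(ENDPOINT_SECRET, SAMPLE_BODY, wrong_secret),
        "missing_header": verify_webhook(ENDPOINT_SECRET, SAMPLE_BODY, {}),
    }


if __name__ == "__main__":
    print(demo())
```

Only the "valid" case passes; a modified body, a signature made with a different endpoint's secret, or a missing header all fail verification.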

4. Infrastructure

  • Hosted in EU data centers (Ireland / Madrid).
  • Stateless application tier behind a managed load balancer with automated failover.
  • Managed PostgreSQL with point-in-time recovery and daily encrypted backups retained for 30 days.
  • Infrastructure as code; production changes go through review.

5. Monitoring & Incident Response

  • Centralized structured logging with 1 year retention for audit logs.
  • Real-time alerting on error rate, latency, and authentication anomalies.
  • Documented incident response procedure. Customers are notified of any confirmed personal data breach within 48 hours, as committed in our DPA.

6. Data Protection

  • We collect the minimum data required to evaluate a transaction — no end-user PII is required.
  • Card data is never seen by TrustFlow; payments are processed by Stripe.
  • Customers can request data export or deletion at any time. See the Privacy Policy.

7. Compliance

  • GDPR-aligned data processing with a signed DPA available to all customers.
  • Risk evaluation logic is auditable: every decision is associated with a trace ID, factor breakdown, and reasoning.
  • SOC 2 Type I readiness work in progress.

8. Responsible Disclosure

If you believe you have found a security vulnerability in TrustFlow, please report it privately to security@trust-flow.dev. We will acknowledge your report within 48 hours and work with you on a coordinated disclosure timeline. We do not pursue legal action against researchers acting in good faith.

9. Contact

Security questions: security@trust-flow.dev

© 2026 TrustFlow. All rights reserved.