Security & Privacy

Your Data Security Is Our Foundation

FlowMetrics Pro is built from the ground up to protect your organization's most sensitive data — employee records, payroll, screenshots, location data, and more.

AES-256 Encryption
TLS 1.2+ in Transit
SOC 2 Compliant Infra
PCI DSS Level 1 (payments via Stripe)
CCPA Compliant
PIPEDA Compliant
AU Privacy Act
NZ Privacy Act 2020
01 — Encryption

Your Data Is Encrypted — Always

In Transit

Every piece of data sent between your devices and our servers is encrypted with TLS 1.2 or higher. Whether your team is using the web app, desktop app, mobile app, or browser extension — all communication is protected by the same encryption standard used by banks and government agencies.

At Rest

All data stored in our databases and file storage is encrypted using AES-256 encryption — the industry gold standard. This includes employee records, payroll data, screenshots, GPS location data, and every other piece of information in your account.

Passwords

We never store passwords in plain text. Every password is hashed with bcrypt using a unique, randomly generated salt per password, so a copy of the database does not reveal any password, identical passwords produce different records, and guessing them offline is computationally expensive.
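
The properties described above (random per-password salt, self-describing records, constant-time verification, and the ability to raise the work factor later) as an added example in Python; it is not FlowMetrics Pro's code. The Python standard library has no bcrypt, so this example substitutes `hashlib.scrypt`, a comparable salted, memory-hard password hash; the cost parameters and the record format are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work-factor parameters. Assumed values for this example: tune them so one
# hash costs roughly 100 ms on your login servers, and raise them over time.
SCRYPT_N = 2 ** 14   # CPU/memory cost (must be a power of two)
SCRYPT_R = 8         # block size
SCRYPT_P = 1         # parallelism
SALT_BYTES = 16
DIGEST_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password with a fresh random salt.

    The record is self-describing (algorithm, cost parameters, salt, digest),
    so the cost can be raised later without breaking existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique per password; never reused
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DIGEST_BYTES,
    )
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the parameters recorded in the stored string
    and compare in constant time. Any malformed record is rejected."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
        if algo != "scrypt":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(
            password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
            n=int(n), r=int(r), p=int(p), dklen=len(expected),
        )
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record uses weaker parameters than the current ones (or is
    unreadable); rehash such records at the next successful login."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    try:
        params = (int(parts[1]), int(parts[2]), int(parts[3]))
    except ValueError:
        return True
    return params < (SCRYPT_N, SCRYPT_R, SCRYPT_P)


if __name__ == "__main__":
    first = hash_password("correct horse battery staple")
    second = hash_password("correct horse battery staple")
    print("same password, different records:", first != second)
    print("verify correct:", verify_password("correct horse battery staple", first))
    print("verify wrong:", verify_password("Tr0ub4dor&3", first))
```

One caveat specific to bcrypt that this substitute does not share: bcrypt only uses the first 72 bytes of the input, so a deployment that allows long passphrases should either enforce that limit explicitly or pre-hash the input before bcrypt, and should test that behaviour rather than assume it.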

Payment Data

Credit card information is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. Your card numbers never touch our servers.

02 — Infrastructure

Built on Enterprise-Grade Infrastructure

We build on the same cloud infrastructure trusted by the world's largest companies. Every provider we use maintains independent security certifications.

Database — MongoDB Atlas

SOC 2 Type II and ISO 27001 certified, and supports HIPAA-regulated workloads (HIPAA has no formal certification). Data is encrypted, replicated across multiple nodes for high availability, and backed up continuously.

Screenshots — Backblaze B2

SOC 2 Type II certified storage with 99.999999999% (11 nines) data durability. Encrypted at rest and auto-deleted when your retention period expires.

Payments — Stripe

PCI DSS Level 1 certified — the highest level of PCI DSS compliance for a payment service provider. We never see or store your full credit card number.

AI Processing — Google Gemini

Only anonymized, aggregated activity data is sent for processing — never screenshots, personal identifiers, or payroll information.

03 — Access Controls

The Right People See the Right Data — Nothing More

FlowMetrics Pro uses a five-tier role-based access control system that ensures every person in your organization sees only what they should.

Role          What They Can Access
Owner         Full organization data, billing, and configuration
Admin         Full organization data and configuration (no billing changes)
HR Manager    Employee records, payroll, leave, attendance — organization-wide
Manager       Their department's team data only — monitoring, reports, approvals
Employee      Their own data only — dashboard, attendance, screenshots, salary slips

Key protections:

  • Managers cannot see employees outside their department
  • Employees can only access their own information
  • Custom roles with fine-grained permissions on Professional and Enterprise plans
  • Every permission change is logged in the audit trail
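
The role table and the key protections above, expressed as an authorization check in Python. This is an added example, not FlowMetrics Pro's code: the role and record-kind names, the reading of "monitoring" as screenshots plus activity data, and the rule that only an owner may create another owner are assumptions made for illustration. Every decision is an explicit allow and anything not listed is denied, which is the shape a practitioner should expect when reviewing an RBAC implementation.

```python
from dataclasses import dataclass
from typing import List, Optional

# Role names as used on this page (assumed identifiers).
ROLES = {"owner", "admin", "hr_manager", "manager", "employee"}

# Record kinds each scoped role may read (assumed names for this example).
HR_KINDS = {"employee_record", "payroll", "leave", "attendance"}
MANAGER_KINDS = {"screenshot", "activity", "report", "approval"}  # "monitoring" = screenshots + activity
EMPLOYEE_KINDS = {"dashboard", "attendance", "screenshot", "salary_slip"}


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str
    department: str


@dataclass(frozen=True)
class Record:
    kind: str
    subject_id: str    # the employee the record is about
    department: str


def can_read(p: Principal, rec: Record) -> bool:
    """Return True only when the role table explicitly allows the read."""
    if p.role == "owner":
        return True
    if p.role == "admin":
        return True  # full organization data; only billing *changes* are withheld
    if p.role == "hr_manager":
        return rec.kind in HR_KINDS  # organization-wide, but HR record kinds only
    if p.role == "manager":
        # Managers cannot see employees outside their department.
        return rec.kind in MANAGER_KINDS and rec.department == p.department
    if p.role == "employee":
        # Employees can only access their own information.
        return rec.kind in EMPLOYEE_KINDS and rec.subject_id == p.user_id
    return False  # unknown or missing role: deny by default


def can_change_billing(p: Principal) -> bool:
    return p.role == "owner"


def can_assign_role(actor: Principal, new_role: str) -> bool:
    """Only owners and admins manage roles; only an owner may create an owner
    (an assumption, so an admin cannot escalate to the top tier)."""
    if new_role not in ROLES:
        return False
    if actor.role == "owner":
        return True
    return actor.role == "admin" and new_role != "owner"


def change_role(actor: Principal, target: Principal, new_role: str,
                audit: List[dict]) -> Optional[Principal]:
    """Apply a role change and record it in the audit trail whether or not it
    was allowed; denied attempts are exactly what an audit trail is for."""
    allowed = can_assign_role(actor, new_role)
    audit.append({"actor": actor.user_id, "target": target.user_id,
                  "from": target.role, "to": new_role, "allowed": allowed})
    if not allowed:
        return None
    return Principal(target.user_id, new_role, target.department)


if __name__ == "__main__":
    sales_manager = Principal("u1", "manager", "sales")
    print("sales manager reads engineering screenshot:",
          can_read(sales_manager, Record("screenshot", "u9", "engineering")))
    print("sales manager reads sales screenshot:",
          can_read(sales_manager, Record("screenshot", "u5", "sales")))
```

The point worth testing in a real deployment is the last line of `can_read`: an unrecognised role, a missing role claim, or a record with no department must fall through to deny rather than to the most permissive branch.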
04 — Transparent Monitoring

Monitoring You Can See — Because Trust Goes Both Ways

We believe employee monitoring should be transparent, not secretive. FlowMetrics Pro is designed so employees always know what's being tracked and can see their own data.

What makes us different

  • Employees see their own screenshots through the self-service portal
  • The desktop app shows when monitoring is active — no hidden tracking
  • Employees access their own activity data, daily reports, KPIs, and attendance
  • Gamification rewards productivity with points, achievements, and leaderboards

What we do NOT do

  • No keystroke logging
  • No webcam or microphone recording
  • No reading email or message content
  • No tracking personal devices
  • No monitoring outside work hours (by default)
  • No clipboard monitoring
  • No access to personal files, photos, or contacts on mobile
05 — Data Retention & Deletion

Your Data Has an Expiration Date — By Design

We retain monitoring data (screenshots, activity logs, GPS data) only for as long as your plan specifies. After that, it's automatically and permanently deleted.

Plan            Retention
Free            7 days
Starter         30 days
Professional    90 days
Enterprise      1 year

  • After retention: Data is permanently deleted through an automated process. Deleted data cannot be recovered.
  • When you cancel: You have 30 days to export your data. 90 days after cancellation, all data is permanently and irreversibly deleted.
  • On-demand deletion: Request at any time via [email protected]. Processed within 30 days.
06 — Global Compliance

Built for Global Compliance

FlowMetrics Pro helps organizations comply with privacy and data protection laws across our target markets.

🇺🇸 United States

Compliant with CCPA/CPRA. We do not sell personal information. State-specific employee monitoring notification features built in.

🇨🇦 Canada

Compliant with PIPEDA and provincial privacy laws including Quebec's Law 25. Transparent data collection and consent management.

🇦🇺 Australia

Compliant with Privacy Act 1988 and Australian Privacy Principles (APPs). Supports Fair Work Act transparency. NDB scheme compliance.

🇳🇿 New Zealand

Compliant with Privacy Act 2020 and Information Privacy Principles (IPPs). Privacy breach notification compliance.

Enterprise compliance tools:

  • Full audit trail of every action in the system
  • File audit trail for upload/download compliance
  • Custom roles with granular permissions
  • 1-year data retention for regulatory requirements
  • Data Processing Agreement (DPA) for all Enterprise customers
07 — Organizational Security

Security Is a Team Effort

Internal practices

  • All team members bound by confidentiality agreements
  • Security awareness training for all personnel
  • MFA required for all internal production access
  • Principle of least privilege enforced
  • Quarterly access reviews
  • Documented incident response procedures

Secure development

  • All code changes go through peer review before deployment
  • Automated dependency scanning for known vulnerabilities
  • Server-side input validation and output encoding
  • Security headers on all web pages (CSP, HSTS, X-Frame-Options)
  • No secrets or credentials stored in source code
08 — Business Continuity

Always Available, Always Protected

High availability

  • Multi-node replica set with automatic failover
  • Load-balanced, auto-scaling API servers
  • 11-nines (99.999999999%) screenshot storage durability
  • Target uptime: 99.9%

Backup & recovery

  • Continuous database backups with point-in-time recovery
  • Recovery Time Objective (RTO): < 4 hours
  • Recovery Point Objective (RPO): < 1 hour
  • Regular recovery testing to verify backup integrity
09 — Incident Response

If Something Goes Wrong, You'll Know Fast

In the unlikely event of a security incident affecting your data:

  1. We detect it — through automated monitoring and alerting
  2. We contain it — isolating affected systems within hours
  3. We notify you — within 72 hours of confirmation, with full details on what happened and what data was affected
  4. We fix it — full root cause analysis and remediation
  5. We prevent it — updated controls and procedures to prevent recurrence

We comply with all applicable breach notification laws, including the Australian NDB scheme, New Zealand Privacy Act, PIPEDA, and US state breach notification laws.

Report a vulnerability: [email protected] — we acknowledge receipt within 24 hours.

10 — FAQ

Security Questions? We've Got Answers.

Do you have SOC 2 certification?
We are pursuing our own SOC 2 Type I report, targeted for Q4 2026. Our infrastructure providers (MongoDB Atlas, Backblaze B2, Stripe) all maintain current SOC 2 Type II reports. We can share their reports with Enterprise customers under NDA.
Where is my data stored?
Application data is stored on MongoDB Atlas and screenshots on Backblaze B2, both with AES-256 encryption at rest and TLS 1.2+ in transit. Payment data is stored by Stripe. See our Data Infrastructure Document for full details.
Can I export my data?
Yes. Administrators can export attendance records, payroll data, and reports through the Reports section. For full data exports, contact [email protected].
Do you offer a Data Processing Agreement (DPA)?
Yes. We provide a DPA for all Enterprise plan customers. Contact [email protected] to request one.
Can employees see what's being monitored?
Yes. FlowMetrics Pro is a transparent monitoring platform. Employees can view their own screenshots, attendance records, activity data, daily reports, and KPI scores through the self-service portal. The desktop app shows when monitoring is active.
Is my payroll data secure?
Payroll data is stored in our encrypted database (AES-256 at rest, TLS 1.2+ in transit). Access is restricted by role-based permissions — only authorized administrators can view payroll information.
Do you use my data to train AI models?
No. Your data is not used to train any AI models. Our AI features use the Google Gemini API, which processes only anonymized activity data and does not retain or use API inputs for model training.
What happens to screenshots of personal content?
Screenshots capture whatever is on screen during work hours. Employees can view their own screenshots. We recommend organizations inform employees about screenshot monitoring and that employees avoid personal activities during monitored hours. Organizations can configure monitoring to exclude specific time periods.
Do you support Single Sign-On (SSO)?
Yes. SAML-based SSO is available on the Enterprise plan, allowing employees to log in with your company's identity provider.
How do I report a security concern?
Contact [email protected]. For privacy requests, use [email protected]. We respond within 24 hours.

Have More Security Questions?

We're happy to discuss our security practices in detail. Enterprise customers can request full security documentation, sub-processor SOC 2 reports, and a DPA.