Security & isolation

Security that respects your tenancy boundaries

Per-organization data isolation, TLS everywhere, hashed credentials, daily offsite backups, and strict RBAC keep your operations safe.

Tenant isolation

Each organization’s data is isolated by a strict tenant identifier enforced in application logic and queries.

  • Row-level scoping by org_id in all read/write paths
  • Least-privilege DB users per environment
  • Extensive tests for cross-tenant access

Encryption

All traffic uses TLS. Passwords are one-way hashed with a modern algorithm and per-user salts.

  • TLS for all app endpoints
  • Strong password hashing
  • Signed session cookies; HttpOnly
  • Optional IP allow-lists on request

Access control & RBAC

Role-based access lets you limit what users can see and do.

  • Granular roles per module
  • Admin controls for invites and resets
  • Session idle-timeout and logout everywhere

Backups & export

We maintain regular backups and offer exports on demand.

  • Daily offsite backups
  • Point-in-time restore (per incident)
  • CSV/PDF export tools
  • Retention as per policy below

Audit & logging

Key actions are logged for traceability and compliance needs.

  • Audit events for sensitive actions
  • Immutable timestamps
  • Timezone: Bangladesh Standard Time

Incident response

We triage, contain, investigate, and communicate when issues arise.

  1. Triage & severity assignment
  2. Containment & remediation
  3. Forensics & root-cause analysis
  4. Customer communication for material impact
  5. Post-mortem & prevention tasks

Report a vulnerability: security@klinflow.com

Uptime & reliability

We aim for high availability through redundancy, monitoring, and safe deploys.

  • Health checks & alerting
  • Zero-downtime rollout where possible
  • Rollback strategy for failed releases
  • Capacity planning for peak loads

Data retention

We keep operational data only as long as needed for service delivery, support, and legal obligations.

  • Account data retained while subscription is active
  • Backup retention on a rolling window
  • Export & deletion available upon verified request

Responsible disclosure

We appreciate reports from the community. Please give us reasonable time to fix issues before public disclosure.

  • Email: security@klinflow.com
  • Include steps to reproduce and impact
  • Do not access other tenants’ data during testing

Have a security question?

Contact our team for assessments, exports, or compliance needs.