Security, Compliance & Transparency at SAI.Flow
1. Our Commitment to Security
At SAI.Flow, trust is fundamental to everything we build.
We design, develop, and operate our automation platform with security, privacy, and compliance at the core.
Our customers rely on us to process data safely, and we take that responsibility seriously.
Security is not a feature — it’s part of our DNA. Every infrastructure decision, every line of code, and every process within SAI.Flow is reviewed with data protection and reliability in mind.
2. Data Protection & Privacy (GDPR)
SAI.Flow complies fully with the General Data Protection Regulation (GDPR) and related European and Norwegian privacy laws.
We process customer data strictly under Data Processing Agreements (DPAs), ensuring that:
- Data is processed only under documented instructions.
- Personal information is encrypted both in transit and at rest.
- Access is restricted using role-based permissions (RBAC) and multi-factor authentication (MFA).
- All employees undergo mandatory security and privacy training.
You can review our full Data Processing Agreement (DPA) for detailed legal terms.
3. Infrastructure Security
Our platform is hosted on leading cloud providers with globally recognized certifications, including AWS and Google Cloud, which are ISO 27001, ISO 27017, ISO 27018, and SOC 2 Type II certified.
We build on top of this secure foundation with additional SAI.Flow-specific controls:
- Network segmentation and firewall isolation for critical systems.
- Encrypted databases (AES-256).
- Automatic patching and continuous vulnerability scanning.
- Real-time monitoring and intrusion detection (IDS/IPS).
- Least privilege access enforced at every level of our infrastructure.
All production systems are continuously monitored, with 24/7 alerting and anomaly detection.
4. Application Security
We use a secure development lifecycle (SDLC) to ensure software security at every stage:
- All code is reviewed and tested before deployment.
- Dependencies are continuously scanned for vulnerabilities (Snyk / Dependabot).
- Secrets and credentials are managed via vaulted encryption keys.
- Regular penetration testing is performed by certified third-party auditors.
- We follow OWASP Top 10 guidelines to prevent common web vulnerabilities.
Each new feature release undergoes automated and manual security testing before it is pushed to production.
5. Compliance & Certifications
We are committed to maintaining and expanding compliance with leading industry standards.
Our security posture currently aligns with and/or builds toward the following frameworks:
- GDPR (EU) – ✅ Compliant
Our data processing operations are fully aligned with the EU General Data Protection Regulation and Norwegian data protection laws. All personal data is handled according to strict GDPR principles, including purpose limitation, data minimization, and lawful processing.
- SOC 2 Type II – 🔄 In Progress
We are undergoing an independent third-party audit that evaluates our controls around security, availability, and confidentiality. Once completed, SAI.Flow will publish its attestation letter within this Trust Center.
- ISO 27001 – 🔄 Planned
Implementation of a comprehensive Information Security Management System (ISMS) is underway. This certification will formally verify that our internal processes meet global standards for information security.
- ISO 27701 – 🔄 Planned
We are preparing alignment with this Privacy Information Management System framework, extending ISO 27001 to include data privacy governance and accountability controls.
- ePrivacy Directive – ✅ Compliant
Our website and platform operate transparently with respect to cookies and tracking technologies, ensuring users have full control and clear consent options under EU ePrivacy requirements.
When certifications such as SOC 2 or ISO 27001 are completed, summary reports and attestation letters will be published in this Trust Center.
6. Data Residency & Transfers
SAI.Flow offers EU-based data residency by default.
All customer data is stored within EEA-hosted infrastructure, unless otherwise requested.
If data is transferred outside the EEA, we rely on:
- Standard Contractual Clauses (SCCs)
- Data Transfer Impact Assessments (DTIAs)
- Hosting within ISO 27001-certified environments.
We never transfer data without documented legal safeguards.
7. Incident Response & Monitoring
We maintain a robust Incident Response Plan that ensures rapid action and transparency in the event of any security issue.
Our monitoring systems detect and respond to unusual activity in real time.
If a security breach were ever to occur, customers would be notified within 24 hours, along with mitigation steps and detailed root-cause reporting.
8. Business Continuity & Backups
Data integrity and service uptime are critical to our customers.
SAI.Flow maintains:
- Daily encrypted backups, stored across multiple availability zones.
- Disaster recovery plans with tested restoration procedures.
- Redundant systems to minimize downtime and data loss.
We test our business continuity plan at least twice per year to ensure operational resilience.
9. Responsible Disclosure
We welcome and encourage security researchers to responsibly report vulnerabilities in our systems.
If you believe you’ve discovered a security issue, please contact our security team at:
📧 hello@sai-flow.ai
Reports are reviewed within 48 hours, and verified issues are prioritized for immediate resolution.
10. Transparency & Continuous Improvement
Trust is earned — and maintained — through openness and accountability.
We continually review and update our practices to ensure the highest standards of data protection and compliance.
SAI.Flow regularly performs:
- Annual third-party security assessments
- Internal audits
- Policy reviews aligned with evolving regulatory standards.
We are transparent by design — this Trust Center will always reflect our current security status, certifications, and privacy commitments.
SAI.Flow is built on the principles of privacy, integrity, and reliability.
We are committed to keeping your data secure, compliant, and fully under your control — today, and every day.
