MyStatusFlow

Security & Compliance

Your data security and privacy are our top priorities. Here's how we protect your information.

Current Security Features

Security measures currently implemented

Authentication & Authorization

  • Multi-provider Authentication: Secure login with Google OAuth and email/password credentials

  • Role-Based Access Control: Granular permissions with workspace and project-level roles

  • Session Management: Secure session tokens with automatic expiration and renewal

  • Workspace Isolation: Complete data isolation between workspaces

Password Security

  • Argon2id Hashing: Industry-standard, memory-hard password hashing configured with high memory and time cost parameters

  • Legacy Migration: Automatic migration from older PBKDF2 hashes to modern Argon2id

  • Secure Storage: Passwords never stored in plain text or logs

Data Protection

  • Input Validation: Comprehensive Zod schema validation on all user inputs

  • CSRF Protection: Cross-Site Request Forgery prevention on sensitive operations

  • Secure Logging: Automatic sanitization of sensitive data in logs

  • PII Protection: Prevention of personally identifiable information exposure

File Upload Security

  • File Type Validation: Strict whitelist of allowed file types (PDF, DOC, XLS, PPT)

  • Size Limits: Maximum file size restrictions (25MB per file)

  • Storage Quotas: Per-plan storage limits to prevent abuse

  • Secure Upload: Authenticated uploads with user verification

API Security

  • Rate Limiting: Configurable rate limits for different operations (auth, API calls, invitations)

  • Webhook Verification: Cryptographic signature verification for Stripe webhooks

  • tRPC Authorization: Server-side authorization checks on every API procedure

  • Request Validation: Type-safe API endpoints with automatic validation

Coming Soon

Advanced security features in development

Multi-Factor Authentication (MFA)

  • TOTP (Time-based One-Time Password) authentication

  • SMS and email-based verification codes

  • Backup recovery codes for account access

Single Sign-On (SSO)

  • SAML 2.0 protocol support for enterprise integration

  • OpenID Connect (OIDC) compatibility

  • Integration with popular identity providers (Okta, Azure AD, OneLogin)

Advanced Security Features

  • Advanced Audit Logging: Comprehensive activity tracking and compliance reporting

  • Data Encryption at Rest: Database-level encryption for sensitive data

  • Compliance Certifications: SOC 2, GDPR, HIPAA compliance frameworks

Security Best Practices

  • Use Strong Passwords: We recommend using password managers and unique passwords for each account

  • Enable Account Recovery: Set up email verification for secure account recovery

  • Regular Security Updates: We continuously monitor and update our security measures

  • Report Security Issues: Contact us immediately if you suspect a security issue

Security Contact

If you have security concerns or questions about our security practices, please contact us:

Email: security@statusflow.com

Response Time: We aim to respond to security-related inquiries within 24 hours


© 2025 MyStatusFlow. All rights reserved.