Your data security is our top priority
At Flow Myna, trust and security are foundational to everything we build. We know you're entrusting us with your data, and we take that responsibility seriously.
Our Commitments
Transparency
You deserve to know where your data is stored, processed, and how it's secured.
Privacy-first approach
We encourage you to remove or anonymize any personally identifying data (PII) before upload. Where possible, we scrub or redact sensitive fields.
Minimal access
Only essential systems or personnel have access to data needed for operations, and all access is secured.
Continuous improvement
As we grow, we will evaluate and adopt recognized security frameworks, certifications, and controls.
Current Security Status
Flow Myna operates with production-grade data handling for all clients:
- All data is stored in secure, region-based environments (EU, US, or APAC)
- Access is restricted through secure authentication and infrastructure permissions
- All traffic is encrypted with TLS 1.2+
- Databases are encrypted at rest
- Regular security audits and monitoring in place
Data Storage & Processing
We use trusted third-party providers to deliver our service. Each is vetted for security and compliance and processes only the minimum data necessary.
Railway
Railway Trust CenterApplication hosting, environment management, and database hosting (PostgreSQL)
Railway is SOC 2 certified and supports a GDPR Data Processing Addendum for EU users. All user data including databases is encrypted at rest.
OpenAI API
OpenAI Data ControlsAI-based text processing
OpenAI API powers AI-driven features in our platform. OpenAI does not use API data for training its models and retains data for up to 30 days for abuse monitoring only.
Cloudflare R2
Cloudflare Trust HubObject storage for user-uploaded files and datasets
Cloudflare R2 encrypts data at rest and in transit. Supports S3-compatible API with presigned URLs for secure access. GDPR-compliant data residency options available.
WorkOS
WorkOS SecurityUser authentication, identity management, and password storage
WorkOS is SOC 2 Type II certified and GDPR compliant. Handles secure password hashing, JWT token issuance, and SSO integrations.
Honeycomb
Honeycomb SecurityAPI performance monitoring and distributed tracing
Used for monitoring API calls, request tracing, and application performance diagnostics. Honeycomb undergoes SOC 2 audits.
Important Notes:
- •We send only the minimum data needed to each processor.
- •We do not store personal credentials or sensitive identifiers unencrypted.
Data Residency & Location
We understand that data residency is critical for compliance. Your business data can be stored in your required region:
Core Data Storage
Deployed in your required region
Supporting Services
Observability, AI processing, and other supporting services may operate globally. If strict data residency is required for all processing, please discuss this with us.
Need specific data residency? Let us know your requirements and we'll deploy our infrastructure in the appropriate region.
What We Don't Do
- We do not use third-party processors without careful evaluation.
- We do not use your data for marketing, cross-customer aggregation, or model training.
- We do not store backups outside secure, encrypted environments.
Future Plans & Certifications
As Flow Myna grows:
- →We plan to adopt standard security frameworks and pursue certifications (e.g. SOC 2, ISO 27001, ISO 27701).
- →We will continue expanding our transparency through regular security audits and compliance reporting.
- →We will continue improving our security practices as we grow and learn from industry best practices.
Legal Entity & Jurisdiction
Flow Myna Ltd is a company registered in the United Kingdom. Our data-handling practices follow the requirements of the UK GDPR and, where applicable, the EU GDPR.
Questions & Contact
If you have any questions about our security practices or need custom arrangements, please contact:
security@flowmyna.com