Security & data handling

Security and data handling, in plain language

This page explains what FlowPorter collects, what it never asks for, where your data is processed, and what we honestly can and can't claim about compliance today. If a control isn't in place yet, this page says so rather than implying otherwise.

Independent BetterWrk practice · No credential values collected in the estimator · Formal certifications are on the roadmap, not claimed today

Security philosophy

The safest assessment is the one that asks for less

FlowPorter's guided estimate, browser-based parser and verified scope process exist to help you make a sound migration decision — not to collect more of your business than that decision requires. Every step is designed around one rule: gather the minimum needed to reach a useful recommendation, and be specific about what happens to it next.

Assessment data minimization

The quick estimate collects ranges, never credential values

The guided estimate on the homepage works entirely from self-reported bands and multiple-choice answers — estate size, complexity patterns, criticality, driver and target operating model. It never asks you to paste a password, API key, token or other secret value, and it never requests write access to any of your systems.

What the quick estimate collects

  • An estate-size band (for example, "11–25 active workflows"), not a workflow-by-workflow list
  • Which complexity patterns exist — branches, custom code, shared state, webhooks, approvals, regulated data — as yes/no selections
  • A general criticality tier and the business driver behind the move
  • The target operating model you're weighing, such as vendor-hosted or self-hosted

What it never collects at this stage

  • Passwords, API keys, tokens or other secret values
  • Workflow names, payload contents or customer data
  • Endpoint URLs, code bodies or database schemas
  • Any request for write access to your source or destination platform

That's what we internally treat as public and business-metadata information. Anything more sensitive — workflow structure, code, schemas — is only ever handled during a structurally verified assessment or a paid Blueprint, under the controls described below.

Local parsing

Supported exports are parsed in your browser, not on our servers

If you choose to verify your estate with a supported export file, the file is processed on your device first — you decide what leaves it.

01 · Select

Local file

You choose a supported export file on your own device. Nothing uploads yet.

02 · Parse

Web Worker

A parser runs inside an isolated Web Worker in your browser. Known secret fields are dropped and secret-like values are stripped out.

03 · Preview

Your manifest

You see the generated structural manifest — counts, mapping categories, complexity signals — before anything is sent anywhere.

04 · Send

Only if you approve

Only after you review and approve does the sanitized manifest transmit to FlowPorter for scope verification.

To be precise: "local parsing" means your raw export and its contents are processed on your device — it does not mean no data is ever sent anywhere. Once you review and approve, an approved, sanitized manifest — not the original file — leaves your browser for scope verification. Raw export upload is reserved for specific Blueprint cases where local parsing alone can't resolve a question, and it's something you opt into, never a default.

Credentials & secrets

We never ask you to paste a credential value

No form on this site — including the quick estimate — has a field for a password, API key, token or secret. If a form ever looks like it wants one, don't fill it in, and tell us.

An approved, least-privilege process for actual implementation access

Where technical verification or delivery work genuinely requires system access, FlowPorter uses an approved least-privilege and secrets-handling process — dedicated service accounts, the minimum scopes needed, short-lived credentials where the platform supports them, and storage in an access-controlled secrets vault rather than email, spreadsheets or chat. You keep the ability to revoke that access at any time.

Access controls

Operator access follows least privilege

Assessment reports, manifests and account data are only visible to the people who need them to do their job.

Role-based access

Operators are granted the narrowest role that lets them do their work — support, delivery or administration — not blanket access to every account.

Authenticated & audited

Access to operator tooling requires authentication, and privileged actions are recorded in an audit trail rather than left to informal memory.

No shared logins

Every operator uses an individual account. Access is reviewed periodically and revoked promptly when someone's role changes.

Encryption

Encrypted in transit and at rest

In transit Implemented

Traffic to and from flowporter.com, the assessment API and report links is encrypted in transit using TLS.

At rest Implemented

Stored assessment manifests, saved reports and any files accepted through a controlled Blueprint upload are encrypted at rest by our infrastructure provider, held in access-controlled storage rather than public object URLs.

Retention & deletion

You can ask us to delete your data

What we retain depends on how far you've gone through the process.

  • Quick-estimate answers you don't save exist only in your browser session and aren't retained on our servers once you close the tab, unless you choose to save or share the result.
  • A saved or shared report is retained so its link keeps working, until you ask us to delete it or your account closes.
  • A verified scope manifest and any Blueprint materials are retained for the length of the engagement plus a reasonable record-keeping period, consistent with our contract with you.
  • Sales and contact records — name, company, email, anything you send us — are retained only for as long as we have a legitimate reason to stay in touch.

For verified and Blueprint engagements, retention periods can be set contractually to match your internal data-handling requirements.

To request deletion of anything above, email [email protected] with your report link, company name or assessment reference. We'll confirm once it's done.

We don't use customer assessment data to train third-party AI models. Any future use of de-identified, aggregate data to improve our route models would require separate, explicit consent — never something bundled into using the estimator.

Subprocessors

A small number of vendors help us run the service

Like almost any modern web product, FlowPorter and BetterWrk rely on a small number of subprocessors to operate the site, run the assessment, and handle the infrastructure parts of delivery — for example hosting, email delivery and analytics. Each one receives only the category of data it needs to do its job, and none of them receive secret values or credentials.

We don't publish vendor names on this public page, because our subprocessor list changes as the platform matures and we'd rather keep this page accurate than complete-looking. Qualified prospects in an active commercial or security review can request the current subprocessor list, what each vendor does, and its safeguards, by emailing [email protected].

Incident response

If something goes wrong, you'll hear from us

FlowPorter maintains a documented incident-response process with a named internal owner. If we have reason to believe an incident has affected your data, we will investigate, contain what we can, and notify you with a clear account of what happened, what we did about it and what we recommend on your side — following whatever legal notification requirements apply in your jurisdiction.

Vulnerability reporting

Found a security issue? Tell us.

We'd rather hear about a problem from a careful researcher than discover it another way.

Responsible disclosure

Email [email protected] with a description and, where possible, steps to reproduce. Please avoid accessing or modifying data that isn't yours, avoid degrading the service for other people, and give us reasonable time to investigate and fix an issue before any public disclosure.

We don't currently run a paid bug bounty program, but we do acknowledge every report and are glad to credit researchers who want to be named once a fix ships.

Compliance status

We don't claim certifications we don't have

FlowPorter and BetterWrk do not currently hold formal, audited certifications such as SOC 2 or ISO 27001, and this page does not display any compliance logos or badges. The controls described above — data minimization, browser-local parsing, least-privilege access, encryption, retention discipline and incident response — are in place today as engineering and process commitments, not as certified outcomes. Certifications: planned

Formal certification is on our roadmap as the business and customer base mature, and we'll update this page — with real evidence, not marketing language — if and when that changes. If a specific framework matters to your procurement process, tell us; it helps us prioritize.

For procurement & security review

Need more than this page? Request the security pack.

For qualified prospects, we can share an architecture summary, a data-flow overview and the current subprocessor list under appropriate confidentiality terms.