Information Security & Privacy

 

At StructureFlow, information security and data privacy are core considerations. The team at StructureFlow is committed to preserving the confidentiality, integrity, and availability of all the information assets used to develop, deliver, and support our application.

Our investment to keep you secure

StructureFlow observes key industry best practices and regulatory schemes, such as ISO/IEC 27001:2013/2022, GDPR, and NCSC Cyber Essentials, to protect the security and privacy of our customers’ data.

ISO/IEC 27001:2013 Certified

StructureFlow operates an independently audited and certified Information Security Management System to the ISO/IEC 27001:2013 standard. Our certificate number is 11327.

UK Data Protection Act 2018

StructureFlow is registered as a data controller at the UK Information Commissioner’s Office under number ZA493065.

Privacy & Security Training

Information security and privacy training is mandatory, and all staff are required to complete regular training and tests on information security and data privacy policies and best practices.

Supplier Audit & Approval

StructureFlow performs extensive supplier due diligence, compliance reviews and approval processes before licensing or using any third-party tools.

Data Jurisdictions

StructureFlow offers data at rest in multiple data jurisdictions. Currently we provide a choice between Australia, Canada, European Union, United Kingdom, and United States. Other jurisdictions can be requested.

Data Encryption & Access Controls

Be it in transit or at rest, all data is encrypted using TLS 1.2 and AES-256. StructureFlow only uses industry-accepted encryption products.

Role Based Permissions

StructureFlow allows for granular access controls to grant and restrict application capabilities based on specific roles and authorities. Secure integration with Microsoft 365 for SSO is available to all customers.

Audit Trails

StructureFlow logs and stores changes, allowing for easy auditing and root cause analysis.

Data Deletion Requests

StructureFlow supports data deletion requests for the data we control, and we are more than happy to assist our customers with the data we process.

Data Segregation

All customer data is processed within the customer’s own security context, providing additional safeguards against unwanted data leaks. No StructureFlow staff have access to our customers’ projects.

Resilience & Uptime

StructureFlow is designed for uninterrupted uptime and enterprise scale. Our application is capable of both horizontal and vertical scaling, ensuring you always get the best performance possible.