Information Security & Privacy
At StructureFlow information security and data privacy are core considerations. The team at StructureFlow is committed to preserving the confidentiality, integrity, and availability of all the information assets used to develop, deliver, and support our application.
Our investment to keep you secure
StructureFlow observes key industry best practices and regulatory schemes to protect the security and privacy of our customers’ data such as ISO/IEC 27001:2013/2022, GDPR, NCSC Cyber Essentials.
ISO/IEC 27001:2013 Certified
StructureFlow operates an independently audited and certified Information Security Management System to the ISO/IEC 27001:2013 standard. Our certificate number is 11327.
UK Data Protection Act 2018
StructureFlow is registered as a data controller at the UK Information Commissioner’s Office under number ZA493065.
Privacy & Security Training
Information security and privacy training is mandatory, and all staff are required to complete regular training and tests on information security and data privacy policies and best practices.
Supplier Audit & Approval
StructureFlow performs extensive supplier due diligence, compliance reviews and approval processes before licensing or using any third-party tools.
StructureFlow offers data at rest in multiple data jurisdictions. Currently we provide a choice between Australia, Canada, European Union, United Kingdom, and United States. Other jurisdictions can be requested.
Data Encryption & Access Controls
Be it in transit or at rest, all data is encrypted using TLS 1.2 and AES-256. StructureFlow only uses industry-accepted encryption products.
Role Based Permissions
StructureFlow allows for granular access controls to grant and restrict application capabilities based on specific roles and authorities. Secure integration with Microsoft 365 for SSO is available to all customers.
StructureFlow logs and stores changes allowing for easy auditing and root cause analysis.
Data Deletion Requests
StructureFlow supports data deletion requests for the data we control, and we are more than happy to assist our customers with the data we process.
All customer data is processed within the customer’s own security context providing additional safeguards against unwanted data leaks. No StructureFlow staff have access to our customers’ projects.
Resilience & Uptime
StructureFlow is designed for uninterrupted uptime and enterprise scale. Our application is capable of both horizontal and vertical scaling, ensuring you always get the best performance possible.
Still have questions?
For more information on privacy and compliance, please see our Privacy & Cookies Notice or Application Privacy Notice. Alternatively contact us at for specific data privacy-related questions.
If you have found a security bug in StructureFlow and want to report it to us, please email .