Enterprise Security

Security & Trust

Security is foundational to how FlintLab is built. Every layer of the platform is designed so that no customer can see, access, or affect another.

Core Security Principles

The foundations that govern every security decision at FlintLab.

Isolation by Default

No customer shares data, compute, or device access with another. Isolation is the baseline, not a configuration option.

No Unintended Persistence

Data is scoped and access-controlled. Session data is automatically purged after completion.

Defense in Depth

Security at every layer — network, API, container, and application — with no single point of failure.

Continuous Verification

Automated vulnerability scanning on every code change. Critical findings are resolved before any deployment.

How We Protect Your Data

What FlintLab does to keep your data and sessions secure.

Tenant Isolation

No customer shares data, compute, or device access with another. Every session runs in a fully isolated environment.

Encryption

All data is encrypted in transit and at rest using industry-standard algorithms.

Access Control

Industry-standard authentication and role-based access controls enforced at every level across the platform.

Device Security

Dedicated devices are customer-assigned with no cross-tenant access. Shared devices are fully wiped after every session before reallocation.

Secure Development

Continuous vulnerability scanning integrated into our development lifecycle. Critical findings are resolved before deployment.

Compliance & Certifications

FlintLab uses Auth0, which is certified under SOC 2 Type II and ISO 27001, as its identity provider. We are actively working toward formal security certifications for the FlintLab platform.

Security Questions

What enterprise security and procurement teams typically ask.

Can we enable and test our app on your dedicated infrastructure?

Yes. You can test on dedicated devices, available on demand, for total isolation, or on a clean shared device that is fully wiped before and after every session.

Is our data protected from other tenants?

Full tenant isolation is enforced at the infrastructure level. All data is encrypted at rest and in transit, and automatically purged at session end.

Are APIs and access secure?

All API requests are verified through an API gateway that enforces token validation, rate limiting, and input sanitization. Access is controlled via role-based permissions at tenant and API levels.

Do you find and fix vulnerabilities continuously?

Yes. Vulnerability scanning is integrated into our development lifecycle and runs on every code change. Critical findings are resolved before deployment.

Can you provide a formal security document?

Yes — this page reflects our current security posture. A detailed document is available on request at security@flintlab.io.

Found a security issue?

Please report it responsibly. We review all security reports promptly.
