Security at VallumFlow

Trust starts withhow we build VallumFlow.

VallumFlow can process source code, findings, credentials, files, and activity from connected systems. We treat that access as sensitive and make security part of product design, engineering, and day-to-day operations.

Our security posture

Protect the work,not just the login.

Security decisions are made around the full path data takes through VallumFlow: when it arrives, while a workflow uses it, when a result is stored, and when someone returns to review it.

  1. 01

    Limit access

    People, services, and workflow workers receive scoped access so one identity or task does not automatically gain reach across the platform.

  2. 02

    Separate sensitive data

    Credentials belong in Vault and authorized secret paths, not ordinary workflow fields or logs.

  3. 03

    Test the high-risk paths

    Authentication, permissions, service trust, file handling, network access, and worker boundaries are covered by focused automated tests.

  4. 04

    Keep useful records

    Security-relevant actions, job state, and service activity leave records that can support review and investigation.

  5. 05

    Watch for change

    Operational signals and credential alerts help surface failures and access risks that need attention.

How we work

Security continuesafter a feature ships.

The same security questions follow a change from design through operation: what it can access, how it can fail, what evidence it leaves, and how it can be contained.

Design

Start with the trust boundary

Changes involving authentication, secrets, customer data, integrations, or workflow execution are treated as security-sensitive work.

Build

Verify the behavior that matters

Tests cover expected access as well as denied access, stale credentials, unsafe paths, changed request bodies, and other failure cases.

Operate

Keep enough context to investigate

Health signals, bounded logs, audit events, and credential warnings provide a record when something needs attention.

Customer data

Use data for the workthe customer requested.

VallumFlow processes customer content when a configured workflow or platform action requires it. We do not sell personal data.

  • Content

    Source code, reports, findings, files, and workflow inputs are handled when the customer configures VallumFlow to use them.

  • Secrets

    Connected credentials are kept separate from ordinary workflow configuration and supplied only where the workflow needs them.

  • Records

    Usage, diagnostic, security, and audit records support operation, investigation, and customer review.

  • Retention

    How long information is kept depends on the record type, account settings, and the applicable customer agreement.

Security review

Ask before you connecta sensitive system.

Security and data-handling questions are answered from the current, documented controls that apply to the customer use case.

For a security review or to report a suspected vulnerability, email [email protected] with the affected area and enough detail for us to investigate. Please do not include live credentials or unnecessary customer data.

Security FAQ

Questions about trusting VallumFlow

What information does VallumFlow protect?

VallumFlow is designed to protect the account details, source code, findings, reports, files, workflow inputs, credentials, and service records it processes. The information involved depends on the workflows and integrations a customer configures.

How is access to VallumFlow systems controlled?

Access is limited by role and operational need. People, services, and workflow workers receive scoped access, credentials are kept separate from ordinary workflow data, and security-relevant activity leaves records for review.

How does VallumFlow detect security or reliability issues?

Service health signals, request and job records, audit events, and credential warnings provide evidence for investigation. The signals used depend on the affected service and activity.

How does VallumFlow respond to a security issue?

We investigate the scope, contain affected access or services, preserve the records needed for review, and address the underlying cause. When an issue affects customers, we provide relevant updates based on its impact and applicable agreements.

Can our team review VallumFlow security before adoption?

Yes. Send the systems you plan to connect, the data involved, and your security questions to [email protected].

How should we report a suspected vulnerability?

Email [email protected] with reproduction steps, affected URLs or components, and the likely impact. Do not send passwords, access tokens, or unrelated customer data.