Staged verification required
Production hardening checklist
AgentFlow Enterprise is structured around security-conscious operating principles such as server-side secrets, protected dashboard access, managed infrastructure, and controlled evidence collection. Formal certifications are not claimed.
EU-aware processing
GDPR-conscious design
The product language and data model are designed around B2B data minimization, clear processing purposes, processor awareness, and customer-controlled lead data.
Supabase auth
Authentication posture
Email login, magic links, Google OAuth, server-side callback handling, session cookies, and protected dashboard routing are supported through Supabase.
Stripe server route
Billing protection
Stripe Checkout sessions are created on the server. Secret keys stay in server-side environment variables and are not exposed to client-side code.
Signature checks
Webhook verification
Stripe and GitHub Sponsors webhook handling includes signature verification patterns so provider events are processed through server-side routes before persistence.
Secrets not in browser
Server-side AI calls
AI qualification routes keep OpenAI credentials server-side and return constrained result fields instead of exposing provider keys or raw provider payloads to the browser.
Buyer due diligence ready
Audit evidence posture
Audit events, payment records, integration events, and verification runbooks support due-diligence review, while staged provider evidence remains separate from public code.
Vendor review
Subprocessor awareness
Expected subprocessors include Supabase, Vercel, OpenAI, Stripe, and HubSpot. Production buyers should review regions, DPAs, and active services before launch.
Customer-defined policy
Data retention roadmap
Retention windows for leads, AI outputs, usage events, logs, and CRM sync records should be configured by workspace or contract requirements.
Incident response path
Breach notification readiness
Production launch should define severity levels, owner escalation, regulator/customer notification workflows, evidence capture, and post-incident review.
Enterprise control
Role-based access roadmap
Workspace roles, least-privilege permissions, approval flows, and tenant-aware access controls are part of the enterprise deployment roadmap.
Implementation option
Private deployment available
Enterprise buyers can discuss private deployment, dedicated environments, custom data retention, and integration-specific controls during strategy planning.
Security contact
Responsible disclosure
Security reports can be sent to [email protected]. Production customers should define incident response, monitoring, and escalation requirements during implementation.
Legal honesty
No unsupported claims
AgentFlow Enterprise does not present certifications, large-enterprise adoption, verified customer relationships, or live revenue outcomes unless separately verified.