Trust Center

Security-conscious posture for buyer review.

A transparent view of current safeguards, staged verification requirements, server-side control boundaries, and enterprise roadmap items without unsupported certification claims.

DORA-Aware Enterprise Readiness

Operational resilience documentation for serious due diligence.

Review the DORA-aware readiness page for ICT risk management, incident response, third-party ICT provider visibility, backup and disaster recovery planning, evidence management, and AI governance boundaries.

View DORA readiness

Evidence Documents

Buyer due diligence evidence for technical review.

These documents are technical audit evidence and point-in-time audit snapshots. They support review, but they do not replace buyer verification or independent security assessment.

Technical Whitepaper PDF

Buyer due diligence evidence covering the AgentFlow Enterprise AI RevOps architecture, security boundaries, billing posture, and operational readiness materials.

View Technical Whitepaper PDF

Ahrefs SEO Health Score Evidence PDF

Point-in-time Ahrefs Site Audit export showing Health Score 100 / Excellent and 0 errors as captured on 2 June 2026.

View SEO Health Evidence PDF

Operational resilience

DORA-aware enterprise readiness

A dedicated readiness page and documentation pack map ICT risk, incident response, third-party provider risk, backup/restore planning, business continuity, AI governance, and evidence management without making legal attestation claims.

Staged verification required

Production hardening checklist

AgentFlow Enterprise is structured around security-conscious operating principles such as server-side secrets, protected dashboard access, managed infrastructure, and controlled evidence collection. Formal certifications are not claimed.

EU-aware processing

GDPR-conscious design

The product language and data model are designed around B2B data minimization, clear processing purposes, processor awareness, and customer-controlled lead data.

Supabase auth

Authentication posture

Email login, magic links, Google OAuth, server-side callback handling, session cookies, and protected dashboard routing are supported through Supabase.

PayPal server routes

Billing protection

PayPal subscriptions are created and confirmed on the server. Secret keys and plan IDs stay in server-side environment variables and are not exposed to client-side code.

Signature checks

Webhook verification

PayPal webhook handling verifies provider signatures before subscription lifecycle events are persisted and applied to workspace access.

Secrets not in browser

Server-side AI calls

AI qualification routes keep OpenAI credentials server-side and return constrained result fields instead of exposing provider keys or raw provider payloads to the browser.

Buyer due diligence ready

Audit evidence posture

Audit events, payment records, integration events, and verification runbooks support due-diligence review, while staged provider evidence remains separate from public code.

Vendor review

Subprocessor awareness

Expected subprocessors include Supabase, Vercel, OpenAI, PayPal, and HubSpot. Production buyers should review regions, DPAs, and active services before launch.

Customer-defined policy

Data retention roadmap

Retention windows for leads, AI outputs, usage events, logs, and CRM sync records should be configured by workspace or contract requirements.

Incident response path

Breach notification readiness

Production launch should define severity levels, owner escalation, regulator/customer notification workflows, evidence capture, and post-incident review.

Enterprise control

Role-based access roadmap

Workspace roles, least-privilege permissions, approval flows, and tenant-aware access controls are part of the enterprise deployment roadmap.

Implementation option

Private deployment available

Enterprise buyers can discuss private deployment, dedicated environments, custom data retention, and integration-specific controls during strategy planning.

Security contact

Responsible disclosure

Security reports can be sent through the contact page. Production customers should define incident response, monitoring, and escalation requirements during implementation.

Legal honesty

No unsupported claims

AgentFlow Enterprise does not present certifications, large-enterprise adoption, verified customer relationships, or live revenue outcomes unless separately verified.