Security
Last updated: 7/11/2026
Security Overview
At FluxLens, security is fundamental to our platform. We protect customer data with scoped access, server-side authorization checks, and clear boundaries between demo data and customer workspaces.
Data Protection
Metadata-Only Processing
FluxLens processes only coordination metadata—timestamps, user IDs, channel names, issue statuses. We do not access or store:
- Message content or body text
- File contents or attachments
- Private or direct message content
- Code repositories or source code
Encryption
- In Transit: All data is encrypted using TLS 1.3 during transmission
- At Rest: Stored customer data relies on provider-managed encryption controls
- Database: Secrets and integration tokens are kept server-side and away from browser responses
Access Controls
Authentication: FluxLens uses authenticated sessions and scoped OAuth connector access. MFA and enterprise SSO enforcement are roadmap controls, not a current product certification claim.
Authorization:Customer-data routes re-check the signed-in user's organization and role before returning or mutating organization data.
API Security: Customer-data API endpoints require authentication, organization context, and request validation. Demo-only endpoints are separated from live customer data paths.
Compliance Readiness
SOC 2 Type II: FluxLens does not currently claim SOC 2 Type II certification. Enterprise audit evidence, SSO, and related controls are tracked as enterprise-readiness work.
Data rights: Export, deletion, and retention workflows are handled through product controls and support as they are implemented. We do not present these workflows as a third-party legal certification.
Customer review: Pilot and enterprise customers can request a security review of current controls before connecting production workspaces.
Infrastructure Security
Cloud Infrastructure: FluxLens is built on managed cloud infrastructure and application-level controls, including:
- Authenticated customer-data access
- Organization-scoped authorization checks
- Audit logging for sensitive actions
- Backup, recovery, and incident runbook work tracked for enterprise readiness
Vulnerability Reporting
We take security vulnerabilities seriously. If you discover a security issue, please report it to security@fluxlens.ai. We will respond promptly and work with you to resolve the issue.
Please do not publicly disclose vulnerabilities until we have had a chance to address them.
Security Best Practices
We recommend users:
- Use multi-factor authentication through your identity provider where available
- Use strong, unique passwords
- Regularly review connected integrations and revoke unused ones
- Keep OAuth tokens secure and rotate them periodically
- Monitor your account for suspicious activity
Contact
For security-related questions or concerns, contact our security team at security@fluxlens.ai.