FlowGraph · Security & trust

Security and trust at FlowGraph

How FlowGraph handles your data in plain, procurement-ready language: local-first by default, what our servers never see, the self-host path, the auth model, and an honest compliance status.

FlowGraph stores an organization's operational knowledge, so trust is a product requirement, not a marketing page. This is the plain-language version of how the product handles data, written for the person who has to answer a security questionnaire. Everything here is true today; where something is planned rather than shipped, it says so, with a date.

Where your data lives

On your device, by default. FlowGraph is a local-first app. With no cloud feature configured — the default for anyone who just opens it — the app makes zero network calls for your content. Your graphs, cards, edges, documents, IFC models, run history, and settings live in your browser's local storage, with an optional mirror to a folder on your own disk. No account is required for this, and the anonymous local path never phones home.

Self-host if you prefer. FlowGraph ships as a small pip package you can run on your own machine or inside your own network, serving the same app from your own root. For teams that cannot use a hosted service at all, this is a supported path, not a workaround.

What our servers never see

What does touch a server, and only then

We believe in naming the exceptions rather than hiding them. A request reaches a server only when you choose a feature that needs one: signing in, syncing or sharing a vault, routing AI through our optional proxy so keys can live server-side instead of in the browser, or sending a Revit or Navisworks file to Autodesk's cloud for 3D translation. Cloud 3D translation always sits behind an explicit consent step that names the egress and the credit cost first.

Auth and account model

No account is needed for local work. If you create one to use cloud features, you can use an email address or one-click Google or GitHub sign-in, from which we receive only basic profile information — never your contacts or repositories. In hosted (proxy) mode, provider keys are held as server-side secrets and never returned to the browser, and the server enforces a strict same-origin policy. Payments are processed by Stripe; card details never touch FlowGraph servers, and we store only Stripe's customer and subscription identifiers.

Integrity guarantees

Every change — human, AI, or agent — flows through a single governed write path that stamps provenance and is reversible. Knowledge a human has approved is locked against silent AI overwrite: an AI proposal is always staged as a reviewable diff and never auto-applied, and only a human can deliberately override a lock. Governed writes, approvals, and exports append to an audit ledger, so the record of what happened stays honest.

Compliance status planned

We will not claim a certification we do not hold. As of July 2026, FlowGraph is not SOC 2 certified; formal SOC 2 work is planned and not yet a claim you can rely on for procurement. Data residency today is your own device by default, and for the Team sync path, encrypted at rest with tenant isolation. Our sub-processors are Cloudflare (hosting and the optional worker), Stripe (payments), Autodesk (only for opt-in cloud 3D translation), and whichever AI provider you choose. If your review needs a document we have not published yet, email us and we will tell you honestly what exists and what does not.

Common questions

Does my data leave my device when I use FlowGraph?
Not by default. With no cloud feature configured, the app makes zero network calls for your content, and your vault lives in your browser with an optional mirror to a folder on your disk. Data reaches a server only when you turn on a cloud feature such as sign-in, sync, sharing, or opt-in cloud 3D translation.
Can I self-host FlowGraph?
Yes. FlowGraph ships as a small pip package you can run on your own machine or inside your own network, serving the same app from your own root.
Is FlowGraph SOC 2 certified?
No, not as of July 2026. Formal SOC 2 work is planned but is not yet a claim you can rely on for procurement. We will not present a certification we do not hold.
Where are my AI provider keys stored?
In local mode, on your device, sent only to the provider you chose. In hosted proxy mode, keys are held as server-side secrets and are never returned to the browser.

Start local, prove it yourself

Open FlowGraph, work offline, and watch the network tab. Nothing leaves your device until you ask it to.

Open FlowGraph →