Skip to content

Security

Last updated: 7/11/2026

Security Overview

At FluxLens, security is fundamental to our platform. We protect customer data with scoped access, server-side authorization checks, and clear boundaries between demo data and customer workspaces.

Data Protection

Metadata-Only Processing

FluxLens processes only coordination metadata—timestamps, user IDs, channel names, issue statuses. We do not access or store:

  • Message content or body text
  • File contents or attachments
  • Private or direct message content
  • Code repositories or source code

Encryption

  • In Transit: All data is encrypted using TLS 1.3 during transmission
  • At Rest: Stored customer data relies on provider-managed encryption controls
  • Database: Secrets and integration tokens are kept server-side and away from browser responses

Access Controls

Authentication: FluxLens uses authenticated sessions and scoped OAuth connector access. MFA and enterprise SSO enforcement are roadmap controls, not a current product certification claim.

Authorization:Customer-data routes re-check the signed-in user's organization and role before returning or mutating organization data.

API Security: Customer-data API endpoints require authentication, organization context, and request validation. Demo-only endpoints are separated from live customer data paths.

Compliance Readiness

SOC 2 Type II: FluxLens does not currently claim SOC 2 Type II certification. Enterprise audit evidence, SSO, and related controls are tracked as enterprise-readiness work.

Data rights: Export, deletion, and retention workflows are handled through product controls and support as they are implemented. We do not present these workflows as a third-party legal certification.

Customer review: Pilot and enterprise customers can request a security review of current controls before connecting production workspaces.

Infrastructure Security

Cloud Infrastructure: FluxLens is built on managed cloud infrastructure and application-level controls, including:

  • Authenticated customer-data access
  • Organization-scoped authorization checks
  • Audit logging for sensitive actions
  • Backup, recovery, and incident runbook work tracked for enterprise readiness

Vulnerability Reporting

We take security vulnerabilities seriously. If you discover a security issue, please report it to security@fluxlens.ai. We will respond promptly and work with you to resolve the issue.

Please do not publicly disclose vulnerabilities until we have had a chance to address them.

Security Best Practices

We recommend users:

  • Use multi-factor authentication through your identity provider where available
  • Use strong, unique passwords
  • Regularly review connected integrations and revoke unused ones
  • Keep OAuth tokens secure and rotate them periodically
  • Monitor your account for suspicious activity

Contact

For security-related questions or concerns, contact our security team at security@fluxlens.ai.