Security & Privacy
Your Data Security Is Our Foundation
FlowMetrics Pro is built from the ground up to protect your organization's most sensitive data — employee records, payroll, screenshots, location data, and more.
Your Data Is Encrypted — Always
In Transit
Every piece of data sent between your devices and our servers is encrypted with TLS 1.2 or higher. Whether your team is using the web app, desktop app, mobile app, or browser extension — all communication is protected by the same encryption standard used by banks and government agencies.
At Rest
All data stored in our databases and file storage is encrypted using AES-256 encryption — the industry gold standard. This includes employee records, payroll data, screenshots, GPS location data, and every other piece of information in your account.
Passwords
We never store passwords in plain text. All passwords are hashed using bcrypt with a unique salt, making them computationally impractical to reverse-engineer.
Payment Data
Credit card information is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. Your card numbers never touch our servers.
Built on Enterprise-Grade Infrastructure
We build on the same cloud infrastructure trusted by the world's largest companies. Every provider we use maintains independent security certifications.
Database — MongoDB Atlas
SOC 2 Type II, ISO 27001, and HIPAA certified. Data is encrypted, replicated across multiple nodes for high availability, and backed up continuously.
Screenshots — Backblaze B2
SOC 2 Type II certified storage with 99.999999999% (11 nines) data durability. Encrypted at rest and auto-deleted when your retention period expires.
Payments — Stripe
PCI DSS Level 1 certified — the highest level of payment security certification. We never see or store your full credit card number.
AI Processing — Google Gemini
Only anonymized, aggregated activity data is sent for processing — never screenshots, personal identifiers, or payroll information.
The Right People See the Right Data — Nothing More
| Role | What They Can Access |
|---|---|
| Owner | Full organization data, billing, and configuration |
| Admin | Full organization data and configuration (no billing changes) |
| HR Manager | Employee records, payroll, leave, attendance — organization-wide |
| Manager | Their department's team data only — monitoring, reports, approvals |
| Employee | Their own data only — dashboard, attendance, screenshots, salary slips |
Key Protections
- Managers cannot see employees outside their department
- Employees can only access their own information
- Custom roles with fine-grained permissions on Professional and Enterprise plans
- Every permission change is logged in the audit trail
Monitoring You Can See — Because Trust Goes Both Ways
We believe employee monitoring should be transparent, not secretive. FlowMetrics Pro is designed so employees always know what's being tracked and can see their own data.
What Makes Us Different
- Employees see their own screenshots through the self-service portal
- The desktop app shows when monitoring is active — no hidden tracking
- Employees access their own activity data, daily reports, KPIs, and attendance
- Gamification rewards productivity with points, achievements, and leaderboards
What We Do NOT Do
- No keystroke logging
- No webcam or microphone recording
- No reading email or message content
- No tracking personal devices
- No monitoring outside work hours (by default)
- No clipboard monitoring
- No access to personal files, photos, or contacts on mobile
Your Data Has an Expiration Date — By Design
We retain monitoring data (screenshots, activity logs, GPS data) only for as long as your plan specifies. After that, it's automatically and permanently deleted.
| Plan | Retention Period |
|---|---|
| Free | 7 days |
| Starter | 30 days |
| Professional | 90 days |
| Enterprise | 1 year |
After retention
Data is permanently deleted through an automated process. Deleted data cannot be recovered.
When you cancel
30 days to export your data. After 90 days, all data is permanently and irreversibly deleted.
On-demand deletion
Request at any time via security@flowmetricspro.com. Processed within 30 days.
Built for Global Compliance
FlowMetrics Pro helps organizations comply with privacy and data protection laws across our target markets.
United States
Compliant with CCPA/CPRA. We do not sell personal information. State-specific employee monitoring notification features built in.
Canada
Compliant with PIPEDA and provincial privacy laws including Quebec’s Law 25. Transparent data collection and consent management.
Australia
Compliant with Privacy Act 1988 and Australian Privacy Principles (APPs). Supports Fair Work Act transparency. NDB scheme compliance.
New Zealand
Compliant with Privacy Act 2020 and Information Privacy Principles (IPPs). Privacy breach notification compliance.
Enterprise Compliance Tools
Security Is a Team Effort
Internal Practices
- All team members bound by confidentiality agreements
- Security awareness training for all personnel
- MFA required for all internal production access
- Principle of least privilege enforced
- Quarterly access reviews
- Documented incident response procedures
Secure Development
- All code changes go through peer review before deployment
- Automated dependency scanning for known vulnerabilities
- Server-side input validation and output encoding
- Security headers on all web pages (CSP, HSTS, X-Frame-Options)
- No secrets or credentials stored in source code
Always Available, Always Protected
High Availability
- Multi-node replica set with automatic failover
- Load-balanced, auto-scaling API servers
- 11-nines (99.999999999%) screenshot storage durability
- Target uptime: 99.9%
Backup & Recovery
- Continuous database backups with point-in-time recovery
- Recovery Time Objective (RTO): < 4 hours
- Recovery Point Objective (RPO): < 1 hour
- Regular recovery testing to verify backup integrity
If Something Goes Wrong, You'll Know Fast
We detect it
Through automated monitoring and alerting
We contain it
Isolating affected systems within hours
We notify you
Within 72 hours of confirmation, with full details on what happened and what data was affected
We fix it
Full root cause analysis and remediation
We prevent it
Updated controls and procedures to prevent recurrence
We comply with all applicable breach notification laws, including the Australian NDB scheme, New Zealand Privacy Act, PIPEDA, and US state breach notification laws.
Vulnerability reporting: security@flowmetricspro.com — we acknowledge receipt within 24 hours.
Security Questions? We've Got Answers.
We are pursuing SOC 2 Type I certification, targeted for Q4 2026. Our infrastructure providers (MongoDB Atlas, Backblaze B2, Stripe) all maintain current SOC 2 Type II certifications. We can share their reports with Enterprise customers under NDA.
Application data is stored on MongoDB Atlas and screenshots on Backblaze B2, both with AES-256 encryption at rest and TLS 1.2+ in transit. Payment data is stored by Stripe.
Yes. Administrators can export attendance records, payroll data, and reports through the Reports section. For full data exports, contact support@flowmetricspro.com.
Yes. We provide a DPA for all Enterprise plan customers. Contact support@flowmetricspro.com to request one.
Yes. FlowMetrics Pro is fully transparent. Employees can view their own screenshots, app & website usage, activity levels, and attendance data at any time. The desktop app clearly shows when monitoring is active and tracks work activity in real time — including usage, screenshots, active/idle time, and work hours — all synced to the dashboard for full visibility.
Payroll data is stored in our encrypted database (AES-256 at rest, TLS 1.2+ in transit). Access is restricted by role-based permissions — only authorized administrators can view payroll information.
No. Your data is not used to train any AI models. Our AI features use the Google Gemini API, which processes only anonymized activity data and does not retain or use API inputs for model training.
Screenshots capture whatever is on screen during work hours. Employees can view their own screenshots. We recommend organizations inform employees about screenshot monitoring and that employees avoid personal activities during monitored hours. Organizations can configure monitoring to exclude specific time periods.
Yes. SAML-based SSO is available on the Enterprise plan, allowing employees to log in with your company’s identity provider.
Contact security@flowmetricspro.com. For privacy requests, use privacy@flowmetricspro.com. We respond within 24 hours.
Have More Security Questions?
We're happy to discuss our security practices in detail. Enterprise customers can request full security documentation, sub-processor SOC 2 reports, and a DPA.
This security page is updated regularly to reflect our current practices. Last updated: March 2026. For detailed information, refer to our Privacy Policy, Data Processing Agreement, and Terms of Service.