Security at AccordFlow
We build AccordFlow with a security‑first mindset: encryption in transit and at rest, strong access controls, and auditability throughout.
Encryption
TLS 1.2+ in transit; AES‑256 at rest.
SSO & RBAC
SAML/Entra SSO, granular roles & permissions.
Auditability
Comprehensive activity trails, approvals, and e‑sign logs.
Integrations
Secure connections with Slack, Google Drive, and Outlook.
Compliance
- SOC 2: Controls mapped and monitored; report available for Enterprise under NDA.
- Vendor/security reviews supported with a standard security questionnaire.
- Annual penetration testing and continuous dependency scanning.
Data encryption
- TLS 1.2+ for data in transit
- AES‑256 for data at rest
- Secrets stored securely
Access control
- SSO (SAML/Entra) and SCIM (Enterprise)
- Granular roles & permissions
- IP allowlist (Enterprise)
Data lifecycle
- Backups & disaster recovery
- Retention & export controls
- Environment isolation for testing
Application security
- Secure SDLC with code review and dependency scanning
- Secrets management and least‑privilege access
- HSTS, content security, and strict transport policies enforced
- Incident response and audit logging
Subprocessors & integrations
We integrate with Slack, Google Drive, and Outlook. Enterprise customers can request a full list of subprocessors.
Questions or security review?
Need our SOC 2 information or a security questionnaire? We’re happy to help.