Flatly is hosted on Google Cloud Platform and protected by Cloudflare.
Flatly is built on Firebase.
Firebase is a database-as-a-service hosted and operated by Google.
Flatly encrypts all data at rest and in transit (HTTPS).
Flatly passed Intuit's Security Review each year since 2021
Flatly passed Shopify's app review in 2023.
Flatly has partnered with RedSentry for a security audit.
Flatly uses Snyk for security testing.
Flatly runs on Google Cloud Platform which has the following certifications:
SOC 1/2-3
Google provides more information here:
Flatly is a conduit architecture.
Flatly does not store clients' business data itself (like CRM data for example) on any of our infrastructure. After a job runs (successfully or not) Flatly permanently deletes a temporary cache from our server that was required for the flattening process to work.
Reliable Integration Partners.
Flatly uses trusted and reliable third party intermediaries for many of our integrations:
Plaid for connectivity to financial institutions.
Session Auto-Sign-out
Flatly sessions time out after 1 hour of inactivity and every 24 hours. Then clients must re-authenticate to Flatly.
Security Questionnaires
Flatly does not provide customized security reports or questionnaire responses on request.
Most industry security audits are designed for vendors with large organizations comprised of numerous IT staff, roles and access points, and for applications that persist client data.
Most security incidents in the industry originate in the manipulation of these larger human access points, roles vulnerabilities and/or persisted data. More staff typically means more vulnerabilities and the need for security certifications.
Flatly has only 1 Infrastructure Administrator.
Flatly does not persist customer business data (CRM, Accounting, etc.)
Flatly has not had any breach of any kind since its founding in 2017.