Security First

Security You Can Verify

Flow-Like is open source. Every line of code is auditable. Combine memory-safe Rust internals with role-based access control, encryption at rest, and complete audit trails.

Security Architecture

Defense in Depth

Multiple layers of security — from the language runtime to the deployment boundary.

Memory-Safe Runtime

The entire execution engine is written in Rust — eliminating buffer overflows, use-after-free, and data races at compile time. No garbage collector pauses, no runtime surprises.

Sandboxed Extensions

Custom nodes run in WASM sandboxes with capability-based security. No filesystem or network access unless explicitly granted. Malicious code cannot escape the sandbox.

Role-Based Access Control

Granular permissions for workflows, nodes, secrets, and deployments. Assign roles at the organization, team, or project level. Enforce least-privilege by default.

Encryption Everywhere

TLS 1.3 for data in transit. AES-256 encryption at rest for secrets, credentials, and sensitive workflow data. Keys managed via your KMS or ours.

Complete Audit Trail

Every workflow execution, configuration change, and access event is logged with timestamps, user identity, and full context. Export to your SIEM or compliance tooling.

Supply Chain Security

All dependencies are tracked with SBOMs. Third-party licenses are audited continuously. Dependency updates are tested in CI before release.

Data Sovereignty

Your Data, Your Rules

Flow-Like never requires your data to leave your infrastructure. Run on-premise, in your VPC, or on the desktop — with zero telemetry unless you opt in.

Local-First Architecture

The desktop app works fully offline. No cloud dependency required. Your workflows, data, and secrets stay on your machine.

Self-Hosted Deployment

Deploy Flow-Like in your own cloud or on-premise infrastructure. Docker, Kubernetes, and bare-metal supported.

Data Residency Controls

Choose where your data is processed and stored. Meet GDPR, CCPA, and regulatory requirements with deployment-level controls.

Compliance & Transparency

Built for Regulated Industries

From healthcare to finance to government — Flow-Like provides the controls regulated environments demand.

GDPR Ready

Data deletion workflows, consent management, and processing records. Request data deletion at any time.

SOC 2 Controls

Access controls, change management, and monitoring aligned with SOC 2 Trust Service Criteria.

Open Source Transparency

Every dependency, every license, every line of code — publicly auditable. View the full third-party notice.

SBOM Available

Software Bill of Materials generated for every release. Full dependency tree with license and vulnerability data.

Questions About Security?

Our security team is ready to discuss your requirements. For vulnerability reports, please use our responsible disclosure process.