Security

Security & Governance

At DataFlowMapper, we understand that data security is paramount. Our architecture is designed for "Short-Term Retention," minimizing risk while providing powerful tools.

Our Security Commitment

At DataFlowMapper, we understand that data security is paramount for implementation and migration teams. We have designed our architecture for "Short-Term Retention," minimizing risk while providing the tools you need to collaborate.

Infrastructure & Compliance

We do not host our own servers. Instead, we leverage world-class, SOC2-compliant infrastructure providers to ensure enterprise-grade security and availability.

Railway (Hosting)

  • Region: US-East (Virginia)
  • Compliance: SOC 2 Type II
  • Role: Secure application hosting and processing
View Compliance Docs →

Supabase (Database & Auth)

  • Encryption: At-rest and in-transit
  • Compliance: SOC 2 Type II, HIPAA
  • Role: Authentication and encrypted storage
View Security Docs →

Vercel (Frontend, Edge & CDN)

  • Security: SOC 2 Type II, ISO 27001
  • Role: Secure content delivery and edge computing
  • Protection: DDoS mitigation & global CDN
View Security Docs →

Sentry (Monitoring)

  • Compliance: SOC 2 Type II, HIPAA
  • Role: Real-time error tracking & performance monitoring
  • Privacy: PII scrubbing enabled by default
View Security Docs →

Data Lifecycle & Retention

Our retention policies ensure that your sensitive client data is never permanently stored by DataFlowMapper unless explicitly saved by you to your secure library.

1. Temporary Retention

Processing occurs on isolated resources to ensure data separation. Source and transformed files are securely stored in an isolated environment for 24 hours to ensure availability for large file operations and download. After this window, an automated process permanently purges the data.

2. Library (User-Controlled)

Mapping logic files and Lookup Tables that you explicitly save to your Team Library are stored with AES-256 encryption at rest. You retain full ownership and can delete these assets at any time.

Governance & Controls

  • Row Level Security (RLS): We utilize strict Row Level Security policies at the database layer, ensuring that data is cryptographically isolated to your specific user or team context.
  • Automated Hygiene: Scheduled cron jobs run continuously to identify and purge any "orphaned" temporary data, ensuring strict adherence to our retention policies.
  • Access Control: Team-based permissions allow you to control who within your organization can view or edit shared Mapping Logic.

AI & Privacy

Our AI features are designed to assist with logic generation without compromising data confidentiality.

  • Zero Training: OpenAI does not use your data to train their models. We do not store your data for model training.
  • Minimal Context: When you use AI mapping, we send only the field names and the first 10 rows of data to provide schema context, and PII is masked before sending. Full datasets are never sent to the LLM.
  • Opt-In: AI features are completely optional.
DataFlowMapper Logo
DataFlowMapper

The visual data transformation platform that lets implementation teams deliver faster, without writing code.

Start mapping

Product

FeaturesUse CasesEarly AdoptersPricingFree ToolsProduct Identity

Company

Sign InContactTutorialsDocumentationBlogFAQ

Legal

Privacy PolicyTerms of ServiceSecurity

Newsletter

Get the latest updates on product features and implementation best practices.

© 2026 DataFlowMapper. All rights reserved.