Security

Security & Governance

At DataFlowMapper, we understand that data security is paramount. Our architecture is designed to be "Transient by Default," minimizing risk while providing powerful tools.

Our Security Commitment

At DataFlowMapper, we understand that data security is paramount for implementation and migration teams. We have designed our architecture to be "Transient by Default," minimizing risk while providing the tools you need to collaborate.

Infrastructure & Compliance

We do not host our own servers. Instead, we leverage world-class, SOC2-compliant infrastructure providers to ensure enterprise-grade security and availability.

Railway (Hosting)

  • Region: US-East (Virginia)
  • Compliance: SOC 2 Type II
  • Role: Secure application hosting and processing
View Compliance Docs →

Supabase (Database & Auth)

  • Encryption: At-rest and in-transit
  • Compliance: SOC 2 Type II, HIPAA
  • Role: Authentication and encrypted storage
View Security Docs →

Data Lifecycle & Retention

Our "Transient Processing" model ensures that your sensitive client data is never permanently stored by DataFlowMapper unless explicitly saved by you to your secure library.

1. Processing (Transient)

All data transformations happen in-memory. Transformed files are held in a temporary, secure isolation zone for exactly 15 minutes to allow for download/handoff. After this window, an automated cleanup job cryptographically erases the data.

2. Library (User-Controlled)

Mapping logic files and Lookup Tables that you explicitly save to your Team Library are stored with AES-256 encryption at rest. You retain full ownership and can delete these assets at any time.

Governance & Controls

  • Row Level Security (RLS): We utilize strict Row Level Security policies at the database layer, ensuring that data is cryptographically isolated to your specific user or team context.
  • Automated Hygiene: Scheduled cron jobs run continuously to identify and purge any "orphaned" temporary data, ensuring strict adherence to our retention policies.
  • Access Control: Team-based permissions allow you to control who within your organization can view or edit shared Mapping Logic.

AI & Privacy

Our AI features are designed to assist with logic generation without compromising data confidentiality.

  • Zero Training: OpenAI does not use your data to train their models. We do not store your data for model training.
  • Minimal Context: When you use AI mapping, we send only the field names and the first 10 rows of data to provide schema context. Full datasets are never sent to the LLM.
  • Opt-In: AI features are completely optional and can be disabled at the Account level.
DataFlowMapper Logo
DataFlowMapper

The visual data transformation platform that lets implementation teams deliver faster, without writing code.

Start mapping

Product

FeaturesUse CasesEarly Adopters

Company

Sign InContactTutorialsDocumentationBlogFAQ

Legal

Privacy PolicyTerms of ServiceSecurity

Newsletter

Get the latest updates on product features and implementation best practices.

© 2025 DataFlowMapper. All rights reserved.