We recognize your documents may contain sensitive and confidential information. That’s why it is our utmost top priority to keep your data secure. To contact us about a security concern, send an email to security@flippr.ai. You can also monitor many of our security controls and find more information by going to trust.flippr.ai.
Flippr successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit, confirming that Flippr’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security. Flippr received an unqualified opinion from its auditors, demonstrating that Flippr manages customer data with the highest standard of security and compliance. Customers and prospects can request access to the audit report here.
Flippr has also achieved an ISO/IEC 27001:2022 certification, signifying our adherence to the world's best-known standard for information security, risk management, cyber-resilience, and operational excellence. For more information on how this certification demonstrates the commitment and ability to manage information securely and safely, see this link. Customers and prospects can request access to the certification here.
Flippr's web-application is hosted on Amazon Web Services (AWS), which provides built-in, end-to-end security and privacy features. AWS maintains an impressive list of reports, certifications, and third-party assessments to ensure state-of-the-art data center security. AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.
See below for more information on the additional, proactive measures our team takes to ensure a secure infrastructure environment. More information on AWS data centers and their security controls can be found here. Additional details regarding AWS security can be found here.
Flippr uses Vercel’s global deployment network for certain web-app services, which also run on AWS. Vercel is SOC 2 type 2 and GDPR compliant, and Flippr does not share any user content or personal identifiable information with Vercel. Additional details regarding Vercel's security can be found here.
Flippr web application communications use TLS 1.2 encryption, which is the same level of encryption used by financial institutions. All Flippr data is encrypted at rest using AES-256 encryption.
Flippr uses passwordless logins with email authentication by default, eliminating risky password management practices. Enterprise Plan customers can also use a chosen SSO identity provider.
All employees go through a thorough background check and sign a confidentiality agreement. We secure our employees' computers using mobile device management (MDM), with hard-drive encryption enabled and anti-malware software installed.
Your documents are always private, accessible only to you and the people with whom you share them. For more information on how we keep your personal information private, see our Privacy Policy.
Flippr employs best practices and appropriate technical and organizational measures to safeguard personal data. Flippr regularly monitors compliance with these measures. Security measures, in addition to the ones listed above, include:
Flippr's web-application is hosted by AWS, which is certified SOC 2 Type 2. AWS maintains a list of certifications and third-party assessments. The AWS infrastructure is managed in Amazon-controlled data centers throughout the world, and the data centers are secured with physical controls to prevent unauthorized access. Flippr maintains no physical office, and employee computers are password protected and monitored as described above.
We maintain separate production and development/staging environments. Access to production environments is limited to authorized personnel and access is logged.
To troubleshoot and address customer issues, the Flippr support team obtains explicit permission from customers and approval from appropriate system administrators before accessing specific user content that is related to the customer reported issue. This type of access is only granted when required to troubleshoot a customer issue and is restricted to the select support personnel assisting with the specific issue. These types of support requests are logged.
Flippr uses industry-standard encryption algorithms, as further noted above. The company also does not store credit card information, but rather uses Stripe to process payments. Stripe is one of the world's largest payment processors and complies with the most stringent level of certification available in the payments industry.
Users are authenticated with passwordless logins over email or a chosen SSO identity provider. Flippr uses web cookies to validate signed-in users.
Flippr logically segregates user personal data so that users will only be able to access their own data and not personal data belonging to other users.
We regularly backup databases and user content is stored in persistent storage.
When you delete a document, it moves to the Trash. If you manually delete a document from the Trash, Flippr permanently purges this data automatically. Flippr automatically purges documents from the Trash after 30 days. Enterprise Plan admins have the ability to override this policy for their organizations to store documents even after they have been deleted from the Trash.
To help ensure the consistent delivery of our services, we employ system performance and availability monitoring mechanisms and other operational procedures. Our web-app is hosted on AWS and Vercel, two global, SOC 2 type 2 compliant vendors with exceptional availability.