Security and privacy at Underflow
Security is a core part of how we build and operate Underflow. This page provides a high-level view of our approach to governance, data protection, product security, and responsible disclosure.
Overview
Principle-led controls and an operating model designed to mature over time.
Layered safeguards around information handling, credentials, and privacy.
Documented paths for monitoring, issue response, and security reporting.
This page is intended to support customer diligence and trust conversations in broad strokes, not serve as a detailed control matrix. For legal and privacy details, see our Privacy Policy and Terms of Service.
Our security program is guided by clear principles and designed to mature over time.
We focus on building trust through consistent controls, measured improvement, and clear communication with customers and partners.
Our policies are based on the following foundational principles
01
Least-privilege access
We design access around legitimate business need and apply controls intended to limit access to the systems and data required for a given role.
02
Defense in depth
We use layered safeguards across identity, application access, data handling, and operational monitoring rather than relying on a single control.
03
Consistent controls
We aim to apply security controls consistently across the product and the supporting systems used to operate it.
04
Continuous improvement
Our security posture is iterative. We use customer diligence, internal review, and issue response processes to keep improving how controls are implemented and documented.
A practical, layered approach to protecting customer information
We think about data protection across transmission, storage of sensitive credentials, and the operational practices that support privacy and diligence.
Data in transit
We use standard protections for data transmitted between users, connected services, and the Underflow platform.
Sensitive data and credentials
We apply encryption and credential-handling controls to sensitive data and secrets where appropriate.
Privacy and transparency
Our public privacy and legal materials are part of how we support diligence, procurement, and trust conversations.
How we operate and respond
Security is an ongoing operating function. We maintain processes for monitoring, issue response, security reporting, and customer review.
Monitoring and issue response
We operate the product with monitoring and issue-response processes intended to help us identify problems, investigate them, and take corrective action.
Vulnerability response
We maintain a documented path for receiving and triaging security reports and for coordinating disclosure when a valid issue is identified.
Customer security review
This page is intended to give prospects, customers, and partners a clear high-level view of our security posture as part of ongoing trust and procurement conversations.
Privacy and legal references
Supporting materials
We use public-facing legal and privacy materials to help customers understand how we handle data and how to contact us with security or privacy questions.
Contact
Questions or a security request?
For vulnerability reports or general security questions, contact security@useunderflow.com. For privacy and legal questions, contact legal@useunderflow.com.