How we protect your emissions data and maintain platform integrity.
Infrastructure Security
Encryption in Transit
TLS 1.2+ on all connections
Encryption at Rest
AES-256 database encryption
Multi-Tenant Isolation
Tenant-scoped data access controls
Network Security
Private networking, firewall rules
Authentication & Access Control
- JWT-based session management with 7-day token expiry
- Two-factor authentication (2FA) support
- Role-based access control (Admin, User, Read-only)
- API key management with scoped permissions
- CSRF protection on all state-changing operations
- Account lockout after 5 failed login attempts
- Email verification for new accounts
Data Handling
- Emissions data is processed and stored exclusively for your reporting needs
- No cross-tenant data access — strict isolation at the database level
- Full audit logging of data access and modifications
- Data export available at any time (JSON, CSV, PDF)
- Data deletion within 30 days of account termination
Certification Roadmap
We are pursuing industry-standard certifications on the following timeline:
SOC 2 Type I
In preparation
Q3 2026
Responsible Disclosure
If you discover a security vulnerability, please report it to contact@off-grid-flow.com. We take all reports seriously and will respond within 48 hours.
Compliance and Buyer Paths
These pages rely on the same security posture and are linked for procurement, finance, and regulatory reviewers.