Trust Center

Everything your security, legal, and procurement teams need to evaluate OffGridFlow.

SOC 2 Type I: Q3 2026
In Preparation
Data Encryption: Active
TLS 1.2+ in transit, AES-256 at rest
Multi-Tenant Isolation: Active
Tenant-scoped data access on every query
MFA / 2FA: Available
TOTP-based two-factor authentication
SSO / SAML: Q4 2026
Planned for Enterprise tier
GDPR Compliance: Active
Data export, deletion, retention controls

Security Architecture

Authentication
JWT-based sessions with 7-day TTL. Account lockout after 5 failed attempts (15-minute cooldown). Email verification for new accounts. CSRF protection on all state-changing operations.
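The lockout rule above, as an added example rather than OffGridFlow's own code: a tracker that enforces five failed attempts followed by a 15-minute cooldown, with the lock evaluated before the password is checked. The in-memory store, the account identifier, the stand-in password check and the injectable fake clock are assumptions made so the example runs offline; the page states the thresholds, not the implementation.

```python
import time
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5        # page: lockout after 5 failed attempts
LOCKOUT_SECONDS = 15 * 60      # page: 15-minute cooldown


@dataclass
class _LoginState:
    failures: int = 0
    locked_until: float = 0.0  # unix time; 0.0 means not locked


class LockoutTracker:
    """Per-account failed-login counter with a fixed cooldown.

    Assumption: a process-local dict keeps the example runnable; a real
    deployment keeps the counters in a shared store so every API instance
    sees them and the lock cannot be bypassed by hitting another node.
    """

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable so the cooldown is testable
        self._accounts: dict[str, _LoginState] = {}

    def _state(self, account: str) -> _LoginState:
        return self._accounts.setdefault(account, _LoginState())

    def is_locked(self, account: str) -> bool:
        st = self._state(account)
        if st.locked_until and self._clock() >= st.locked_until:
            st.failures = 0            # cooldown elapsed: reset the counter too
            st.locked_until = 0.0
        return st.locked_until > 0.0

    def record_failure(self, account: str) -> None:
        st = self._state(account)
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked_until = self._clock() + LOCKOUT_SECONDS

    def record_success(self, account: str) -> None:
        self._accounts.pop(account, None)  # a good login clears the history


def attempt_login(tracker: LockoutTracker, account: str, password: str,
                  check_password) -> str:
    """Return 'locked', 'ok' or 'invalid'.

    The lock is evaluated *before* the password is checked, so a locked
    account answers every guess the same way and cannot be brute-forced
    during the cooldown. A correct password does not unlock the account.
    """
    if tracker.is_locked(account):
        return "locked"
    if check_password(account, password):
        tracker.record_success(account)
        return "ok"
    tracker.record_failure(account)
    return "locked" if tracker.is_locked(account) else "invalid"


def demo() -> list[str]:
    """Constructed scenario with a fake clock so the cooldown elapses instantly."""
    now = [1_000.0]
    tracker = LockoutTracker(clock=lambda: now[0])
    passwords = {"alice@example.com": "correct horse battery staple"}
    check = lambda acct, pw: passwords.get(acct) == pw   # stand-in for the real hash check
    good = passwords["alice@example.com"]
    results = [attempt_login(tracker, "alice@example.com", "wrong", check) for _ in range(5)]
    results.append(attempt_login(tracker, "alice@example.com", good, check))  # still locked
    now[0] += LOCKOUT_SECONDS                                                 # cooldown elapses
    results.append(attempt_login(tracker, "alice@example.com", good, check))
    return results
```

The example returns a distinct "locked" answer. Whether to reveal that to the caller (it tells a legitimate user why a correct password is failing, but also tells an attacker the threshold was reached) is a design choice the page does not specify.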
Authorization
Role-based access control with Admin, User, and Viewer roles (per-role capabilities are listed in the RBAC matrix below). Tenant-scoped data isolation enforced at the database query level. Subscription-tier enforcement on all premium API endpoints. Admin accounts bypass subscription checks for platform management.
Data Protection
All data encrypted in transit via TLS 1.2+. Database encryption at rest managed by infrastructure provider. API keys hashed before storage. Secrets managed via environment variables with no hardcoded credentials in source code.
Network Security
CORS restricted to explicit allowed origins (no wildcards). Security headers on every response: X-Frame-Options DENY, HSTS with preload, Content-Security-Policy, X-Content-Type-Options nosniff. Rate limiting on all HTTP methods.
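An added example of the CORS and header policy described above, not the product's code: an exact-match origin allowlist, the CORS response headers it yields, and an audit function that checks a response for the four headers this section names. The allowlisted origin, the sample responses and the one-year HSTS minimum are constructed or assumed for the example; the page names the headers but not the CSP policy or the real origins.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumption: illustrative allowlist; the real origins are deployment configuration.
ALLOWED_ORIGINS = frozenset({"https://app.off-grid-flow.com"})
HSTS_PRELOAD_MIN_AGE = 31_536_000   # one year, the minimum the preload list requires


def cors_origin_allowed(origin: str | None) -> bool:
    """Exact, case-sensitive match against the allowlist.

    No wildcards, no prefix/suffix tests and no regex: each has a well-known
    bypass (https://app.off-grid-flow.com.attacker.example passes a startswith
    check; an unescaped dot in a regex matches any character).
    """
    if not origin or origin == "null":       # missing, or the opaque "null" origin
        return False
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc or parts.path or parts.query or parts.fragment:
        return False                         # an Origin is scheme://host[:port] only
    return origin in ALLOWED_ORIGINS


def cors_headers(origin: str | None) -> dict[str, str]:
    """Headers to add to a response: echo the origin only when it is allowed,
    and always vary on Origin so a cache never serves one origin's answer to another."""
    if not cors_origin_allowed(origin):
        return {"Vary": "Origin"}
    return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}


def _hsts_ok(value: str) -> bool:
    directives = {d.strip().lower() for d in value.split(";")}
    max_age = 0
    for d in directives:
        if d.startswith("max-age="):
            try:
                max_age = int(d[len("max-age="):])
            except ValueError:
                return False
    return (max_age >= HSTS_PRELOAD_MIN_AGE
            and "includesubdomains" in directives and "preload" in directives)


REQUIRED_HEADERS = {
    "X-Frame-Options": lambda v: v.strip().upper() == "DENY",
    "Strict-Transport-Security": _hsts_ok,
    "Content-Security-Policy": lambda v: bool(v.strip()),   # page states presence, not the policy
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
}


def audit_security_headers(headers: dict[str, str]) -> list[str]:
    """Return findings for one response; an empty list means compliant.
    Header names are compared case-insensitively, as HTTP requires."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, check in REQUIRED_HEADERS.items():
        value = lowered.get(name.lower())
        if value is None:
            findings.append(f"{name}: missing")
        elif not check(value):
            findings.append(f"{name}: weak value {value!r}")
    return findings


# Constructed sample responses, not captured from the product.
GOOD_RESPONSE = {
    "content-type": "application/json",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
}
WEAK_RESPONSE = {**GOOD_RESPONSE, "Strict-Transport-Security": "max-age=300"}
del WEAK_RESPONSE["Content-Security-Policy"]
```

The `Vary: Origin` header is emitted even on the rejection path; without it a shared cache could store a response produced for one origin and replay it, including its `Access-Control-Allow-Origin`, to a different one.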
Audit Logging
Immutable change log tracks all data modifications (entity, field, old/new values, user, timestamp). Calculation ledger records every emission calculation with full formula transparency. Approval workflow records preparer, reviewer, and approver with timestamps.
File Upload Security
CSV uploads validated by file extension and MIME type detection. Maximum upload size: 50MB. Content sniffing rejects non-text file types. No executable content accepted.
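An added example of the upload checks described above, not OffGridFlow's code: extension, declared MIME type, size, a magic-number check for executables and binary containers, and a text sniff over the first 8 KB. The allowed MIME types, the magic-number list and the sample files are assumptions constructed for the example.

```python
import codecs
import os

MAX_UPLOAD_BYTES = 50 * 1024 * 1024       # page: 50MB maximum
ALLOWED_EXTENSIONS = {".csv"}              # page: CSV uploads
# Assumption: clients label CSV inconsistently; this is an illustrative set.
ALLOWED_MIME_TYPES = {"text/csv", "text/plain", "application/csv"}
SNIFF_BYTES = 8192                         # how much of the file the content sniff inspects
# Assumption: illustrative magic numbers for executables and binary containers
# (PE, ELF, Mach-O, zip-based office files, PDF) that a CSV can never start with.
BINARY_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xce",
                b"PK\x03\x04", b"%PDF")


def looks_like_text(head: bytes) -> bool:
    """Content sniff: no NUL bytes and valid UTF-8. A trailing partial
    multibyte sequence caused by the SNIFF_BYTES cut is tolerated."""
    if b"\x00" in head:
        return False
    decoder = codecs.getincrementaldecoder("utf-8")()
    try:
        decoder.decode(head, final=False)
    except UnicodeDecodeError:
        return False
    return True


def check_upload(filename: str, declared_mime: str, data: bytes,
                 max_bytes: int = MAX_UPLOAD_BYTES) -> tuple[bool, str]:
    """Return (accepted, reason). The attacker controls the filename and the
    declared MIME type, so the content sniff is the check that actually decides;
    the earlier checks just reject cheaply."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    mime = declared_mime.split(";", 1)[0].strip().lower()   # drop charset parameters
    if mime not in ALLOWED_MIME_TYPES:
        return False, f"declared MIME type {mime} not allowed"
    if len(data) > max_bytes:
        return False, f"file exceeds {max_bytes} bytes"
    head = data[:SNIFF_BYTES]
    if any(head.startswith(magic) for magic in BINARY_MAGIC):
        return False, "executable or binary container detected"
    if not looks_like_text(head):
        return False, "content is not text"
    return True, "ok"


# Constructed sample inputs, not real customer files.
GOOD_CSV = b"date,scope,kg_co2e\n2026-01-01,1,12.5\n2026-01-02,2,88.0\n"
RENAMED_EXE = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 64   # PE header under a .csv name
BINARY_CSV = b"col\n\x00\xff\xfe"                            # NUL byte and invalid UTF-8
```

The size check here runs over a body that has already been buffered; in a real service the limit is also enforced earlier, on Content-Length and while streaming the body, so an oversized upload is cut off before it consumes memory.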

Privacy & Data Governance

Data Ownership
All emission data, reports, and uploaded evidence remain the property of the customer. OffGridFlow processes data solely for service delivery.
Data Export
Full tenant data export available via API (JSON). Includes users, activities, calculation ledger, and change log. Available at any time during subscription.
Data Deletion
Deletion request via API or email. 30-day retention period for final export. Permanent deletion after retention window. Audit logs retained per regulatory requirement.
Retention Schedule
Emission data: subscription + 90 days. Calculation ledger: subscription + 7 years (audit trail). User accounts: subscription + 30 days. Evidence files: subscription + 90 days.
Subprocessors
Railway (infrastructure hosting), Stripe (payment processing), SendGrid (transactional email). No customer data shared with AI training or analytics services.
International Transfers
Data hosted in US-West region. EU customers: Standard Contractual Clauses available. No data processing outside the hosting region without customer consent.

Incident Response

P1 (Service Down)
Response within 30 minutes
Email notification to all affected customers
P2 (Degraded Performance)
Response within 4 hours
Status page updated, email for extended outages
Post-Incident Review
Within 72 hours
Root cause analysis shared with affected customers
Security Vulnerability
Report to contact@off-grid-flow.com
Acknowledgment within 48 hours, remediation tracked

Role-Based Access Control (RBAC)

OffGridFlow enforces role-based permissions at the API layer. Every request is validated against the authenticated user's role before data is returned.

Capability                            Admin  User  Viewer
View dashboard and emissions data     Yes    Yes   Yes
Upload CSV / connect data sources     Yes    Yes   No
Create and edit activities            Yes    Yes   No
Generate compliance reports           Yes    Yes   No
Submit reports for approval           Yes    Yes   No
Approve or reject reports             Yes    No    No
Lock factor snapshots                 Yes    No    No
Manage users and roles                Yes    No    No
Configure billing and subscription    Yes    No    No
Export all organization data          Yes    No    No
Request data deletion                 Yes    No    No
View audit logs and change history    Yes    Yes   Yes

Security Control Artifacts

Tenant Isolation Test Artifact

In the integration suite, a second registered tenant authenticates successfully and then calls GET /api/emissions/activities. The response is 200 OK with an empty activity list: none of the first tenant's activities are returned, which demonstrates that there is no cross-tenant data leakage through the main emissions activity endpoint.
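The tenant-scoping rule from the Authorization section and the integration test described above, as an added example that is not the project's code or test suite: a repository over an in-memory SQLite database in which every activity query binds the caller's tenant_id taken from the session principal, plus a check that a second tenant sees none of the first tenant's rows, whether by listing or by guessing an id. The schema, table names and sample rows are constructed for the example.

```python
from __future__ import annotations
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """What the API layer derives from the verified session token.
    tenant_id comes from the token, never from the request body or URL."""
    user_id: int
    tenant_id: int
    role: str


SCHEMA = """
CREATE TABLE tenants (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE activities (
    id          INTEGER PRIMARY KEY,
    tenant_id   INTEGER NOT NULL REFERENCES tenants(id),
    description TEXT    NOT NULL,
    kg_co2e     REAL    NOT NULL
);
CREATE INDEX activities_by_tenant ON activities(tenant_id);
"""


class ActivityRepository:
    """Every query takes the caller's Principal and binds its tenant_id.
    There is deliberately no method that reads activities without one."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn

    def create_activity(self, who: Principal, description: str, kg_co2e: float) -> int:
        cur = self.conn.execute(
            "INSERT INTO activities (tenant_id, description, kg_co2e) VALUES (?, ?, ?)",
            (who.tenant_id, description, kg_co2e))
        return cur.lastrowid

    def list_activities(self, who: Principal) -> list[dict]:
        rows = self.conn.execute(
            "SELECT id, description, kg_co2e FROM activities WHERE tenant_id = ?",
            (who.tenant_id,)).fetchall()
        return [{"id": r[0], "description": r[1], "kg_co2e": r[2]} for r in rows]

    def get_activity(self, who: Principal, activity_id: int) -> dict | None:
        # The tenant predicate is part of the lookup, not a check bolted on
        # afterwards: an id guessed from another tenant simply does not exist.
        row = self.conn.execute(
            "SELECT id, description, kg_co2e FROM activities "
            "WHERE id = ? AND tenant_id = ?",
            (activity_id, who.tenant_id)).fetchone()
        return None if row is None else {"id": row[0], "description": row[1], "kg_co2e": row[2]}


def build_demo() -> tuple[ActivityRepository, Principal, Principal]:
    """Constructed in-memory database with two tenants; not real customer data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO tenants (id, name) VALUES (?, ?)",
                     [(1, "Tenant A"), (2, "Tenant B")])
    repo = ActivityRepository(conn)
    alice = Principal(user_id=1, tenant_id=1, role="User")
    bob = Principal(user_id=2, tenant_id=2, role="User")
    repo.create_activity(alice, "Diesel generator fuel", 412.0)
    repo.create_activity(alice, "Grid electricity", 88.5)
    return repo, alice, bob


def cross_tenant_check() -> dict:
    """The integration-test scenario: tenant B authenticates and lists or reads
    activities; none of tenant A's rows may come back."""
    repo, alice, bob = build_demo()
    a_ids = [a["id"] for a in repo.list_activities(alice)]
    return {
        "tenant_a_sees": len(a_ids),
        "tenant_b_sees": len(repo.list_activities(bob)),
        "b_reads_a_row_by_id": repo.get_activity(bob, a_ids[0]),
    }
```

The by-id lookup is the case a list-only test misses: an endpoint such as GET /api/emissions/activities/{id} that checks the tenant after fetching the row, or not at all, leaks data even when the list endpoint is correctly scoped.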

MFA Challenge Flow

The login flow supports a second authentication step with a six-digit one-time code. After primary credential verification, users complete /api/auth/verify-2fa using a temporary token and TOTP code before a session token is issued.
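An added example of the two-step flow above, not OffGridFlow's code: RFC 6238 TOTP verification plus a temporary token that is scoped to the pending MFA step and exchanged, together with a valid code, for a session token. The HMAC-signed token format, the 5-minute temp-token lifetime, the replay check on the last accepted time step, the PBKDF2 password hash (the page states bcrypt in production) and the demo user are assumptions; the TOTP secret is the RFC 6238 test-vector secret.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import json
import secrets
import struct

# Assumptions for the example: HMAC-signed tokens, a 5-minute temp-token
# lifetime, and the 7-day session TTL from the Authentication section.
SIGNING_KEY = secrets.token_bytes(32)
TEMP_TOKEN_TTL = 5 * 60
SESSION_TTL = 7 * 24 * 3600
PBKDF2_ROUNDS = 100_000


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = int(at // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_totp(secret: bytes, code: str, at: float, window: int = 1, step: int = 30):
    """Return the matching time-step counter (one step of skew either way is accepted), or None."""
    base = int(at // step)
    for counter in range(base - window, base + window + 1):
        if hmac.compare_digest(totp(secret, counter * step, step), code):
            return counter
    return None


def sign_token(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode().rstrip("=")
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: str, now: float, scope: str) -> dict | None:
    """Check signature, expiry and scope. The scope check is what stops a
    temp token from ever being accepted as a session."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("scope") != scope or claims.get("exp", 0) <= now:
        return None
    return claims


def _pw_hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example standard-library only; the page states bcrypt in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class MfaLogin:
    def __init__(self):
        self.users: dict[str, dict] = {}

    def register(self, email: str, password: str, totp_secret: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.users[email] = {"salt": salt, "pw_hash": _pw_hash(password, salt),
                             "totp_secret": totp_secret, "last_counter": -1}

    def login(self, email: str, password: str, now: float) -> dict:
        """Primary credentials. With 2FA enrolled this yields only a temp token for the pending step."""
        user = self.users.get(email)
        if user is None or not hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw_hash"]):
            return {"status": "invalid"}
        temp = sign_token({"sub": email, "scope": "mfa_pending", "exp": now + TEMP_TOKEN_TTL})
        return {"status": "mfa_required", "temp_token": temp}

    def verify_2fa(self, temp_token: str, code: str, now: float) -> dict:
        """Second step (the page's /api/auth/verify-2fa): temp token + TOTP code -> session token."""
        claims = verify_token(temp_token, now, scope="mfa_pending")
        if claims is None:
            return {"status": "invalid"}
        user = self.users[claims["sub"]]
        counter = verify_totp(user["totp_secret"], code, now)
        if counter is None or counter <= user["last_counter"]:
            return {"status": "invalid"}      # wrong code, or one already used (replay)
        user["last_counter"] = counter
        session = sign_token({"sub": claims["sub"], "scope": "session", "exp": now + SESSION_TTL})
        return {"status": "ok", "session_token": session}


def build_demo() -> MfaLogin:
    """Constructed demo user; the TOTP secret is the RFC 6238 test-vector secret."""
    m = MfaLogin()
    m.register("alice@example.com", "correct horse battery staple", b"12345678901234567890")
    return m
```

Two properties are worth checking in any implementation of this flow: the temp token must be rejected wherever a session token is expected (here by scope), and a code that has already been accepted must not be accepted again inside the skew window (here by remembering the last counter).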

Data Governance Walkthrough

OffGridFlow provides self-service data governance endpoints. Admins can export, request deletion, and review retention policies without contacting support.

Data Export (GET /api/governance/export)

Admin-only. Returns a JSON package containing all organization data: users, activities, calculation ledger entries, and change log. The response includes an exported_at timestamp and tenant_name, and is served with a Content-Disposition header so that it downloads as a file.

Deletion Request (POST /api/governance/delete-request)

Admin-only. Initiates a 30-day retention window. The request is logged in the change log with the requesting user's ID. Data is retained for 30 days to allow cancellation, then permanently removed. Response includes deletion_date and retention_days.

Retention Policy (GET /api/governance/retention)

Returns the organization's data retention schedule:

  • Emission data: Subscription + 90 days
  • Calculation ledger: Subscription + 7 years (audit trail)
  • User accounts: Subscription + 30 days
  • Change log: Subscription + 7 years
  • Evidence files: Subscription + 90 days

Export formats: JSON (full dataset), PDF (reports), CSV (activities), XBRL (compliance). All emission data, reports, and uploaded evidence remain the property of the customer.

Data Classification

Data Type                     Classification  Handling
User credentials (passwords)  Secret          bcrypt hashed, never stored in plaintext, never logged
API keys                      Secret          SHA-256 hashed at rest, prefix-only display in UI
Cloud connector credentials   Confidential    Encrypted at rest (AES-256), tenant-scoped access only
Emission activity data        Internal        Tenant-isolated, soft-deleted, exportable, 90-day post-subscription retention
Calculation results           Internal        Immutable ledger, 7-year retention for audit compliance
Compliance reports            Internal        Versioned, approval-gated, export with checksum verification
Audit logs                    Internal        Append-only, 7-year retention, includes IP and user agent
Email addresses               PII             Used for authentication only, exportable via governance API, deletable on request
Emission factors              Public          Sourced from EPA, IEA, DEFRA, IPCC (publicly available data)
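An added example, not the product's code, of the API-key handling stated in the Data Protection section and in the classification table above: keys are generated from 256 bits of randomness, only their SHA-256 hash and a short display prefix are stored, the raw key is returned to the caller once, and the UI listing never sees the hash. The `ogf_` key prefix, the 12-character display length, the revocation flag and the in-memory store are assumptions.

```python
from __future__ import annotations
import hashlib
import secrets
import time

KEY_PREFIX = "ogf_"          # assumption: illustrative key prefix, not the product's
DISPLAY_CHARS = 12           # assumption: how much of the key the UI shows


def hash_api_key(raw_key: str) -> str:
    """Plain SHA-256 is appropriate here, unlike for passwords: the key is a
    256-bit random secret, so there is nothing for a dictionary attack to
    guess and a slow salted hash would only add cost to every API request."""
    return hashlib.sha256(raw_key.encode()).hexdigest()


class ApiKeyStore:
    """Persists only the hash, the display prefix and metadata; never the key."""

    def __init__(self):
        self._by_hash: dict[str, dict] = {}

    def issue(self, tenant_id: int, label: str) -> str:
        raw_key = KEY_PREFIX + secrets.token_urlsafe(32)   # 32 bytes = 256 bits of entropy
        self._by_hash[hash_api_key(raw_key)] = {
            "tenant_id": tenant_id, "label": label,
            "prefix": raw_key[:DISPLAY_CHARS], "created": time.time(), "revoked": False,
        }
        return raw_key   # shown to the caller exactly once

    def authenticate(self, presented: str) -> int | None:
        """Return the owning tenant_id, or None for unknown or revoked keys."""
        record = self._by_hash.get(hash_api_key(presented))
        if record is None or record["revoked"]:
            return None
        return record["tenant_id"]

    def list_for_ui(self, tenant_id: int) -> list[dict]:
        """What the UI shows: prefix and metadata, never the hash or the key."""
        return [{"label": r["label"], "prefix": r["prefix"] + "...", "revoked": r["revoked"]}
                for r in self._by_hash.values() if r["tenant_id"] == tenant_id]

    def revoke(self, tenant_id: int, prefix: str) -> bool:
        """Revoke by the prefix the UI displays; scoped to the caller's tenant."""
        for r in self._by_hash.values():
            if r["tenant_id"] == tenant_id and r["prefix"] == prefix and not r["revoked"]:
                r["revoked"] = True
                return True
        return False

    def persisted_values(self) -> list[str]:
        """Every string the store holds, so a test can confirm no raw key is among them."""
        out = []
        for h, r in self._by_hash.items():
            out.extend([h, r["prefix"], r["label"]])
        return out
```

Storing the prefix in the clear is what makes "prefix-only display" possible; with a 43-character random suffix, the 8 random characters inside a 12-character prefix leave far too much entropy for the prefix to help an attacker.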

Compliance & Certifications Roadmap

SOC 2 Type I
Point-in-time assessment of security controls. Covers: Security, Availability, Confidentiality trust service criteria.
Q3 2026
In preparation
SOC 2 Type II
Operating effectiveness of controls over a 6-month observation period.
Q1 2027
Planned
ISO 27001
Information security management system certification.
Q2 2027
Planned
Pen Testing
Third-party penetration test with remediation tracking. Results available to enterprise customers under NDA.
Q3 2026
Planned

Resources for Procurement

Need more detail?

For security questionnaires, DPA requests, or custom procurement requirements, contact us directly.
