Secure Data in Transit

All communications with Flock are transmitted over SSL (HTTPS) for access to both the public website as well as our API.

To ensure your data is transported in the most safest and secure way possible, our servers require TLS 1.2 which uses strong SHA-2 & 256-bit encryption

Secure Data at Rest

All data stored in our Datastores and Document repositories are encrypted using AES-GCM algorithms with 256-bit secret keys. These encryption keys are stored securely in a separate physical and logical location from the actual data.

External access is restricted via whitelisted internal IPs and access ports.

Continuous Security Reviews

Our infrastructure undergoes regular penetration tests, security and vulnerability scans along with compliance and security assessments performed by independent 3rd parties.

Flock’s infrastructure is SSAE16 SOC-1/SOC-2/SOC-3 Type II certified and hosted at premier data center facilities meeting stringent physical access controls.

Key individuals are only granted access after having received senior management approval as well as completed HIPAA and internal security training.

End to end access controls are reviewed every 60-90 days.

Strict Password Management

Sensitive data like user passwords are encrypted through hash and salt iteration.

All user data is securely locked down from any direct external access.

User passwords must be at least 8 characters long and should include at least one uppercase and one lowercase letter, one digit, and one special character.

Two-Step Authentication

Flock protects private information with an additional layer of security by requiring a time-bounded 8-digit authentication code.

Each device/browser needs to be re-authenticated every 90 days.

User accounts will be automatically locked after multiple failed login attempts.