🎉 Paychex acquires Flock to provide state-of-the-art benefits administration software
Read more →


We know how critical protecting your data is to you and understand the need to protect it from the ever-increasing threat of hacks and breaches we see everyday. It is our primary goal to keep the Flock platform secured, updated with the latest security patches, encrypted with the highest level of security available for communications, and continuously backed-up. Data security is a top priority.

Flock has completed the HITRUST CSF certification, a prescriptive security control framework designed for the healthcare industry.

This certification ensures that Flock's application platform maintains extensive security controls to not only keep all user data secure but also maintain HIPAA and HITECH compliance. Audit Report can be provided upon request.

Flock is committed to providing the highest level of security available to keep your trusted data protected.

Data Protection

Secure Data in Transit

All communications with Flock are transmitted over SSL (HTTPS) for access to both the public website as well as our API.

To ensure your data is transported in the most safest and secure way possible, our servers require TLS 1.2 which uses strong SHA-2 & 256-bit encryption

Secure Data at Rest

All data stored in our Datastores and Document repositories are encrypted using AES-GCM algorithms with 256-bit secret keys. These encryption keys are stored securely in a separate physical and logical location from the actual data.

External access is restricted via whitelisted internal IPs and access ports.

Continuous Security Reviews

Our infrastructure undergoes regular penetration tests, security and vulnerability scans along with compliance and security assessments performed by independent 3rd parties.

Flock’s infrastructure is SSAE16 SOC-1/SOC-2/SOC-3 Type II certified and hosted at premier data center facilities meeting stringent physical access controls.

Key individuals are only granted access after having received senior management approval as well as completed HIPAA and internal security training.

End to end access controls are reviewed every 60-90 days.

Monitoring and Availability

Data Availability and Recovery

All data is encrypted and backed up daily on a secure location in the U.S.

Annual recovery drills and process reviews are performed to ensure the systems and processes are working as expected.

Data replicas are maintained in a separate secure location to ensure availability.Infrastructure in place to maintain 99.9% uptime.

Continuous Network Monitoring

State-of-the-art monitoring technology deployed to track suspicious and anomalous behavior.

Inbuilt audit trails for all administrators and user activity across all layers of the infrastructure.

World class SIEM, HIDS and firewall technology deployed to ensure our security team can easily detect and mitigate any privacy and security threats to our customer’s data.

End User Security

Strict Password Management

Sensitive data like user passwords are encrypted through hash and salt iteration.

All user data is securely locked down from any direct external access.

User passwords must be at least 8 characters long and should include at least one uppercase and one lowercase letter, one digit, and one special character.

Two-Step Authentication

Flock protects private information with an additional layer of security by requiring a time-bounded 8-digit authentication code.

Each device/browser needs to be re-authenticated every 90 days.

User accounts will be automatically locked after multiple failed login attempts.

Contact us

Reach out if you have any other security-related questions, and we’ll get back to you as quickly as we can.

Contact us
Cookie Policy: We use regular cookies to ensure a great experience.
Got it