Trust Center
Security and trust, by design
We help organizations reduce human risk — so protecting the data you trust us with is foundational, not an afterthought. Here's a plain-language overview of how we keep your information safe.
Data protection
- Encrypted in transit — all traffic is served over TLS (HTTPS).
- Sensitive personal data is encrypted at rest in our database.
- Passwords are never stored in plain text — they are hashed and salted (industry-standard bcrypt), screened against known-breach databases, and protected by enforced multi-factor authentication.
- Least privilege by default — role-based access limits who can see and do what.
Access control
- Clear role separation across every tier — employees, organization admins, and platform operators each see only what their role permits.
- Administrative and security-relevant actions are recorded to an audit trail.
- Strict tenant isolation — each customer organization’s data is separated so one tenant can never reach another’s.
Infrastructure
- Hosted on reputable cloud infrastructure located in Canada and the United States.
- Regular backups protect against accidental loss.
- Continuous monitoring and alerting on system health and errors.
Application security
- Input is validated and the platform is engineered to resist common injection attacks (such as SQL injection and cross-site scripting).
- Rate limiting and abuse protections guard sensitive actions like sign-in, password reset, and multi-factor verification.
- Cross-site request forgery protection on state-changing requests.
- Security events are captured in audit logs for accountability.
Compliance intent
- We design and operate our controls with SOC 2 principles in mind.
- Our data handling is structured to support privacy obligations under PIPEDA, BC PIPA, and the GDPR.
- We do not claim a formal certification here — this page describes the practices and controls we actively operate.
Vulnerability disclosure
- Found a vulnerability? Email security@masternetflow.com.
- We practice responsible disclosure — report privately and give us reasonable time to remediate before any public discussion.
- Please avoid accessing other users’ data, degrading the service, or running automated attacks during testing.
- We acknowledge and thank researchers who help keep our customers safe.
See something? Tell us.
Security is a shared responsibility. If you believe you’ve found a vulnerability or have a security concern, reach out directly — we read every report and respond promptly.
security@masternetflow.comLooking for our policies? Read the Privacy Policy and Terms of Service.
Last updated June 20, 2026