1. Security Principles
FlowTruss designs NDA with a local-first architecture so customers keep custody of packet data. We focus on layered safeguards, steady improvement, and clear communication with teams evaluating NDA for sensitive environments.
Security Overview
Last updated: November 19, 2025
2. Architecture & Data Flow
Desktop app: Packet captures (PCAP/PCAP-NG), topology files, and workspace data run on your systems and are not sent to FlowTruss by default.
Web Version: Runs entirely in your browser (client-side JavaScript). Packet captures and analysis stay in your browser memory or storage and are not transmitted to FlowTruss servers. Clearing browser storage removes them.
FlowTruss servers: Host the marketing site, documentation, and account/billing pages. We collect standard logs/analytics for these sites and handle account/support communications. Packet-capture contents are not part of those flows.
3. Product Development
- Source control with tracked changes and human review for important code paths.
- Automated checks (linters/tests) triggered on each release.
- Security considerations during planning and validation to ship sensible defaults and guardrails.
We continue to expand these practices over time.
4. Customer Data Stewardship
NDA analyzes data where it already lives. Operational captures remain in customer environments or in-browser. FlowTruss receives only limited administrative info (accounts, billing, support). If you share diagnostic files, we transfer them over encrypted channels and remove them when no longer needed (target: within 90 days of ticket closure unless you request otherwise).
5. Risk & Operational Management
We maintain practical policies for access control, change management, and vendor oversight. Business continuity and incident playbooks exist, are exercised periodically, and adjust as our footprint evolves.
6. Vulnerability Reporting & Security Contact
We welcome coordinated disclosure from customers and researchers. Email security@flowtruss.com with reproduction details and observed impact. We acknowledge receipt, assess severity, and work on fixes where appropriate. FlowTruss does not currently run a public bug-bounty program.
7. Shared Responsibility & Recommended Controls
- Restrict who can import or analyze packet data and protect captured files at rest.
- Keep NDA updated to receive fixes and improvements.
- Clear browser storage for the Web Version if you need to remove local data.
- Follow applicable laws and policies for network monitoring and packet capture.
8. Related Policies
- Privacy Notice – data handling and rights.
- Terms of Service – account requirements, subscriptions, and acceptable use.
- End User License Agreement – licensing terms and third-party notices.
This overview describes current practices and may change as NDA evolves. It is not a certification claim or contractual guarantee.