Security Policy

Data Security & Employee Access

Data security and integrity is a top concern at Statflo. As a result we’ve built our system from the ground up on cloud technologies that ensure data is isolated and protected. None of our technical support staff have any access to the backend hypervisors where our customers’ virtual servers reside nor direct access to the storage systems where backup images reside.

Our infrastructure is 100% hosted by Amazon Web Services (AWS), which adheres to the highest standards of compliance including: SOC 1, SOC 2, SOC 3, PCI DSS Level 1, ISO 9001, ISO 27001 and ISO 27017. You can read more about their policies at:

Data processing

Data provided to Statflo is processed without human intervention, remains encrypted during transit and is stored encrypted at rest. Data does not leave our AWS environment.

Customer Proprietary Network Information

CPNI is defined as information that relates to call records, quantity, technical configuration, type, destination, and amount of use of service as subscribed to by the customers of a telecom provider. No CPNI is stored or used by Statflo unless provided by the provider directly and in compliance with their storage and access requirements. CPNI does not include: date of purchase, customer name, address and phone number.

Credit Card Security

We hand off credit card processing to Chase Paymentech. They power online transactions for thousands of business and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.


All communications with Statflo are transmitted over SSL (HTTPS) for both access to the application as well as the API. We use AES 256-bit encryption with a 4096-bit SSL certificate and TLS 1.2.


We would love to hear from you if you have any questions regarding any specific policy that could be made clearer or any general inquiries regarding security.

Please email us directly at: