Security

Introduction

At Flai, security is a core part of how we build and operate our platform. Our customers rely on us to support critical aspects of their business, and we take that responsibility seriously. We are committed to protecting the systems and data that flow through our platform while ensuring they remain consistently available and reliable.

This page outlines the technical and organizational measures Flai Technologies Inc. ("Flai," "we," "our," or "us") uses to protect the information we process on behalf of our Dealership Customers and their End Users.

Compliance and Certifications

Flai is SOC 2 Type II compliant and has been independently audited against industry-standard criteria for security, availability, and confidentiality. Our program is designed to meet the expectations of enterprise dealership groups and is continuously reviewed against evolving regulatory requirements. A copy of our latest SOC 2 report is available under NDA upon request.

Infrastructure and Data Storage

We rely on secure, enterprise-grade cloud infrastructure to store and process customer data. Production systems are logically separated from development and testing environments to reduce risk. Our infrastructure providers maintain strict physical and environmental controls, allowing us to inherit a strong baseline of security and reliability.

Network and Platform Security

Flai protects its systems through layered controls designed to prevent unauthorized access and detect anomalous behavior. Our platform is continuously monitored, and access to internal services is restricted to authorized users and systems. Security updates are applied on an ongoing basis, and all changes to infrastructure and application code are reviewed and tested before being deployed to production.

Data Protection

We protect customer data throughout its lifecycle. Data is encrypted both in transit and at rest using industry-standard protocols, ensuring confidentiality whether it is being transmitted, stored, or processed. Access to data is limited to authorized personnel and only granted when necessary for a specific purpose. We also maintain defined retention policies and securely delete data when it is no longer required.

Access Control

Access to systems that handle customer data is tightly controlled and requires authentication with multi-factor protection. Permissions are granted based on role and are regularly reviewed to ensure they remain appropriate. Access is promptly revoked when no longer needed, and administrative activity is logged and monitored to detect unusual behavior.

Application Security

Security is integrated into our development lifecycle. All code changes undergo review and testing prior to release, and we use automated tools to identify vulnerabilities early. Customer data is logically isolated between dealerships, and authorization is enforced at every level of the application. We also conduct periodic third-party security testing to validate the resilience of our systems.

Workforce and Operational Security

Flai maintains a strong internal security culture supported by formal policies and ongoing training. Employees and contractors are required to complete security and privacy training and are bound by confidentiality obligations. Devices used to access company systems are managed and secured, and our internal policies governing access, data handling, and incident response are reviewed regularly.

Third-Party Security

We carefully evaluate and manage third-party providers that process or access customer data. Vendors are assessed before onboarding and are required to meet our security and privacy standards. We maintain appropriate contractual protections and limit access to only what is necessary to deliver our services.

Incident Response

Flai maintains a structured incident response program designed to quickly detect, contain, and resolve security events. Systems are continuously monitored, and incidents are investigated promptly by our team. If an incident is confirmed to impact customer data, affected customers are notified in accordance with applicable legal requirements, along with details on impact and remediation steps.

Availability and Reliability

Ensuring the availability of our platform is a core priority. Our systems are designed with redundancy and are continuously monitored to identify and resolve issues before they impact service. Data is backed up regularly, and we maintain disaster recovery procedures to ensure continuity in the event of an unexpected disruption.

Contact Us

If you have any questions about out security practices, please contact us at:

Email: support@useflai.com
Company: Flai Technologies Inc.