Security Overview

Last Updated: May 29, 2026

This page provides a high-level overview of the security practices used to protect the IntentFlo Services. It is for informational purposes only and does not modify the Terms of Service, Data Processing Addendum, or any other agreement, and does not create any service level commitment.
Section 1 — Hosting and Infrastructure

The IntentFlo Services are hosted on Amazon Web Services (AWS) in the United States (us-east-1). IntentFlo uses managed AWS services — including compute, database, API, and storage components — to operate the Services. AWS maintains industry-recognized certifications (including SOC 2 and ISO 27001) for its infrastructure. More information is available at aws.amazon.com/security.

Section 2 — Data Protection

Encryption in Transit

Data transmitted to and from the Services is encrypted using industry-standard transport layer security (TLS). API endpoints are served exclusively over HTTPS.

Encryption at Rest

Customer Data stored in AWS is protected by encryption at rest at the storage layer using AWS-managed encryption. See the DPA §4.5 for additional detail on how certain data fields are stored and transmitted to advertising platforms.

Data Minimization

Customers are responsible for minimizing the Personal Data submitted to the Services consistent with their business needs and legal obligations. IntentFlo does not require submission of sensitive personal data categories to operate the core Services.

Section 3 — Identity Resolution and Audience Activation

Certain features — including identity resolution and audience activation — involve transmitting audience identifiers to third-party advertising platforms at Customer's direction. Where supported by a platform, identifiers (such as email addresses and phone numbers) may be hashed using SHA-256 at the time of transmission. Hashed values are not persisted back to IntentFlo's storage.

Advertising platforms and third-party services receive and process data under their own terms and policies. See the Terms of Service and Subprocessors page for more information on data flows.

Section 4 — Access Controls
Section 5 — Monitoring and Logging

IntentFlo maintains logging and monitoring designed to help detect and respond to reliability and security issues, including unauthorized access attempts and abnormal activity patterns. Logs are retained for a commercially reasonable period consistent with operational and security needs.

Section 6 — Subprocessors

IntentFlo uses certain third-party service providers (Subprocessors) to support the Services, including for hosting, payment processing, and identity resolution. A current list is maintained at: intentflo.com/subprocessors/

Section 7 — Incident Response

IntentFlo maintains an incident response process for investigating and remediating confirmed Security Incidents. Customer notification commitments are described in the Data Processing Addendum and at intentflo.com/security-incident/.

Security Questions & Procurement Requests

For security questions, additional documentation requests, or to report a suspected vulnerability, contact:

Intentflo LLC
info@intentflo.com