Encryption by default
Traffic is served over TLS 1.2+ and data is encrypted at rest using our cloud provider's managed keys.
Security & Trust
Keep every invoice and approval secure
APFlow is early but deliberate about protecting customer data. Below is an honest view of what exists today and what is on the near-term roadmap.
What exists today
Role-based access
Workspace owners control who can view invoices, approvals, and exports with least-privilege roles.
Audit-friendly logging
Key events—uploads, approvals, payment decisions—are logged with timestamp and actor metadata for review.
What we're building next
- SOC 2 Type II readiness work (policies + control testing).
- Expanded MFA options and SSO for all plans.
- Customer-facing export of detailed audit logs.
Timelines may shift as we learn from customers. We'll keep this page updated as milestones are hit.
Questions?
Email info@apflow.co and we'll share the latest details or complete your security questionnaire.