Trust Center

Security, privacy, and compliance for dFlow.

dFlow helps teams deploy applications, databases, and services on infrastructure they control. This page summarizes how dFlow Cloud and self-hosted deployments handle security, privacy, and procurement questions.

At a glance

dFlow Cloud and self-hosted deployments place different responsibilities on the control plane. Use this split when you map controls to your security review.

dFlow Cloud

dFlow operates the hosted control plane at app.dflow.sh. You attach Worker Nodes, connect Git and registries, and link supported cloud accounts when you provision infrastructure through dFlow.

Self-hosted dFlow

You run the control plane on infrastructure you manage. Authentication, database access, and network boundaries remain your responsibility alongside the product configuration.

dFlow is open source under MIT. Customer documentation lives at docs.dflow.sh.

Compliance

Formal attestations apply to the surfaces dFlow operates. Self-hosted deployments and customer cloud accounts remain your responsibility unless a signed agreement says otherwise.

Framework | Status | Summary
SOC 2 Type I | In progress | Formal attestation for the dFlow Cloud control plane is in progress.
SOC 2 Type II | In progress | Planned as a follow-on to Type I.
Privacy and data processing | On request | The Terms of Service describe how dFlow handles personal data. Contact [email protected] for privacy and data-processing questions.
Customer cloud and workload compliance | Customer responsibility | Workloads run in accounts, regions, and networks you select. Provider attestations and regulated workload design remain your responsibility.

Security program

These practices cover the dFlow control plane and the product surfaces that reach your Worker Nodes.

Access management

Organisation membership uses role-based permissions. Teams can define custom roles with plan limits, and sign-in supports email and password with optional magic link or GitHub OAuth depending on workspace configuration.

Infrastructure and network

Worker Node management uses SSH and supported cloud provider APIs. Security groups are available for linked AWS, Azure, Google Cloud, and DigitalOcean accounts, and Tailscale is used for private connectivity between the control plane and nodes.

Monitoring and availability

Operational status is published at status.dflow.sh. Worker Nodes can use Beszel and Netdata when those tools are installed, and service logs and deployment history are available in the product.

Application security

Public application traffic is routed through the platform proxy with TLS. Sign-in flows can use Cloudflare Turnstile when enabled.

Product controls

Controls you can map to access reviews, change management, and backup planning.

Tenant isolation

Applications, servers, integrations, SSH keys, security groups, billing, and team membership are scoped to an Organisation.

Secrets and configuration

Environment variables and service configuration are stored in the control plane. Git, registry, and cloud integration credentials follow organisation permissions.

Data protection

Database services support backups and restore flows in the product. Those backups cover database services you configure in dFlow and are not a substitute for your own disaster-recovery planning.

Operational visibility

Deployments, builds, service logs, and infrastructure actions are visible in the dashboard. Some records include the member who triggered the change.

Data handling

Use this map with your privacy review. Workload data on Worker Nodes stays under your operational control unless you choose managed capacity in specific regions.

Category | Examples | Role
Account and identity | Name, email, session, organisation membership | Operate dFlow Cloud accounts
Billing | Stripe customer, subscription, invoice, and wallet state | dFlow Cloud commercial relationship
Platform configuration | Projects, environments, domains, services, and non-secret variables | Deliver deployment and operations features
Infrastructure metadata | Server hostnames, SSH keys, linked cloud accounts, firewall rules | Provision and manage Worker Nodes
Deployment and operations | Build logs, deployment history, service logs, and node metrics | Operate and troubleshoot workloads
Customer content | Connected Git repositories, container images, and database data on your nodes | Customer-controlled workload data

Updates

Follow product changes and operational notices outside this page.
