What your clients tell you, stays with you.
Flatre handles transaction-grade data: client PII, signed contracts, mailbox threads, commission ledgers. The page below describes — concretely — what we do to protect it, what we don't do with it, and what we have not yet earned the right to claim.
AI inside your workspace, under your control.
The unique question of an AI-native platform isn't whether the database is encrypted. It's what the agents are allowed to do, what they remember, and where your data goes when it leaves your screen. Here's the answer.
Scoped agents
Every agent runs against the workspace it was authorized for. No cross-workspace reach. No silent expansion of scope. Integration tokens belong to the connecting member, not the system.
Human in the loop where it matters
New workspaces start on Trusted Auto: low-risk client messages send automatically once they pass safety checks, and anything higher-risk stays for your review. Switch any category to Propose Only to review everything first — reversible, and visible in the audit log.
Not used for training
We do not use customer or client content to train third-party AI models. Prompts are sent to LLM providers under zero-retention or limited-retention terms.
Audit log
Agent activity summaries and account-affecting events are recorded with actor, target, and time. Retention follows the workspace plan and legal/security requirements.
Retention windows
Inbox content syncs only what the agent needs to act on. Documents stay until you remove them. Agent prompt logs are retained 30 days for debugging, then deleted.
Encrypted in transit and at rest, hosted in the US.
Standard cryptographic controls, applied uniformly. No exceptions for "internal" services, no plaintext backups, no shared passwords across environments.
Encrypted in transit
TLS 1.2+ for all connections — browser, mobile, integrations, internal service-to-service. HSTS enforced on production hostnames.
Encrypted at rest
Application data and attachments are stored with encrypted managed database and object-storage providers. Passwords are hashed; integration credentials are encrypted server-side.
US data residency
Production infrastructure runs in US regions. Cross-border transfers, where unavoidable, rely on Standard Contractual Clauses with the receiving processor.
Sub-processors
Hosting, API infrastructure, database/storage, email delivery, billing, AI, OAuth, calendar/mailbox, brokerage MLS, lead, and e-signature providers are reviewed before production use.
How you sign in, and stay signed in.
Passwordless by default. Phishing-resistant by design. Sessions you control — per-device revocation, no long-lived bearer cookies after sign-out.
SSO sign-in
Google and Microsoft OAuth for the founders and team members already in your identity provider. Profile data only — no mailbox scope until you connect a mailbox separately.
Passkeys
WebAuthn passkeys are supported as a primary authentication method. They are phishing-resistant and hardware-bound, and they replace passwords for any account that registers one.
Workspace permissions
Members are scoped to a workspace and a role. Owners control invitations and removals. Integration tokens belong to the connecting member, not the workspace.
Session controls
Sessions are revocable per device. Authenticated routes verify on every request — no long-lived bearer cookies left around after sign-out.
What we are, and aren't yet.
Compliance is a process, not a logo. We name the work in flight and the rights already honored. No aspirational claims. No certifications we haven't earned.
SOC 2
SOC 2 readiness is underway for Security and Confidentiality. No SOC 2 report has been issued yet; we are building the controls and evidence before auditor kickoff.
CCPA / CPRA
California residents may access, correct, export, or delete personal information we hold. We do not sell personal information and do not engage in cross-context behavioral advertising.
Real-estate context
Workspace content includes contracts, disclosures, and counterparty data. We support retention policies for transaction records; closing your account triggers deletion of the rest.
Export & deletion
Owners can request workspace exports and deletion through support. Requests are verified, checked against retention/legal obligations, and handled through the same privacy response workflow.
Found something? Tell us first.
We accept responsible disclosure of security issues from researchers and customers alike. Detail what you found and how to reproduce it — we'll acknowledge, investigate, and credit you in the fix.