
Assurance and Reliability are Essential

At FloQast, trust is woven into the fabric of everything we do. We deploy industry-leading safeguards to maintain the confidentiality, availability, and integrity of your data and our services.

Compliance at FloQast

We’re happy to offer the following resources to help your business validate its compliance requirements.

Customer FloQast Admins can access our Audit Reports and Compliance Resources directly within the FloQast application, while prospects can request a copy of our Audit Reports and Compliance Resources directly from their Account Executive.

Let us know if you have any questions by sending them to compliancerequests@floqast.com.

Third-Party Audits and Certifications

SOC 1 Type 2

FloQast certifies its systems annually to AICPA SOC 1 Type 2, successfully auditing FloQast’s controls relevant for the financial reporting of our customers.

SOC 2 Type 2

FloQast certifies its systems annually to AICPA SOC 2 Type 2, successfully auditing the operational and security processes of our services and our company.

ISO 27001

FloQast is ISO 27001 certified, proving our expertise in securely managing information technology systems.

ISO 27701

FloQast is ISO 27701 certified, proving our expertise in managing privacy information.

ISO 42001

FloQast is ISO 42001 certified, proving our expertise in managing artificial intelligence use and development.

EU-US Data Privacy Framework

FloQast has self-certified compliance with the EU-U.S. Data Privacy Framework and the UK extension to the EU-U.S.

Compliance Resources

FAQs and Quick Reference Guides

FloQast offers easy-to-use documentation covering topics including AI, Privacy, Security, Data Flow Diagrams, and more.

SOC 3

At FloQast, we understand the importance of trust in today's digital landscape, and that's why we've gone the extra mile to obtain a SOC 3 report. This report provides a high-level overview of our commitment to data protection, making it easily accessible for those who rely on our services.

Feel free to reach out if you have any questions or would like more information about our SOC 3 report and our commitment to safeguarding your data.

Compliance Report Bridge Letters

Bridge letters (also known as gap letters) are made available by FloQast to cover the period of time between the end date of the SOC reports and the current date.

Third Party Penetration Test

FloQast engages specialist security consulting firms to complete penetration tests on high-risk products and infrastructure annually.

FloQast’s Policies, including Security, Privacy, and AI

FloQast shares our internal privacy and security policies with our customers for full transparency over how we protect and secure our customers’ data.

SIG Core

FloQast provides an up-to-date SIG Core, aligned with our rigorous controls and processes, ensuring transparency and confidence in our practices.

Privacy at FloQast

When you use FloQast, you’re trusting us with your information. This is a big responsibility, so we work hard to protect your information and put you in control.

Our Privacy Principles and Data Management Standards

Transparency

We will be transparent about what data we collect, why we collect it, and how it’s used. For more information on our privacy practices, visit our Privacy Policy.

Accountability

FloQast is committed to protecting personal information. Every employee at FloQast is trained on protecting personal information we control or process.

Choice and Consent

Whether you are a customer or website visitor, we put you in control by disclosing how we collect personal information and the rights you may have to opt-in or opt-out of our data collection practices.

Security Safeguards

FloQast maintains technical, administrative, and organizational measures designed to prevent accidental destruction, loss, alteration, and protect against unlawful processing of and unauthorized access to personal information.

Privacy Rights

FloQast has processes to help ensure that requests for access, deletion, and portability can be responded to appropriately and in a timely manner.

Privacy-by-Design

Privacy-by-design is a critical component of a proactive privacy program. Our compliance team frequently reviews the product roadmap and provides privacy guidance. Among other practices, FloQast leverages data minimization to help ensure personal data is accurate, complete and only processed to the extent to which it is necessary to meet the specified purposes.

Security at FloQast

Our clients rely on FloQast to safeguard their data, and we are committed to delivering features that inspire resilience, confidence, and trust in our platform. We prioritize security by embedding software engineering best practices and automation into everything we do. Our dedication shines through in the expertise of our team, the strength of our tools, and the continuous innovation from our developers, who work tirelessly to bring new features to our customers.

Security Details

Application & Data Security

Vulnerability Management

Penetration Testing

Encryption

Access Control

Secure Development

Multi-Layered Authentication

Strong Access Controls

Segregation of Duties

Multi-Factor Authentication

User Access Reviews

Security Key Management

Secure Software Development

Input Validation

Static Application Security Testing

Regular Security Testing

Incident Detection and Response

Real-time Security Events Monitoring and Alerting

Incident Response Planning

Intrusion Detection and Prevention Systems (IDP/IDS)

Bug Bounty Program

Why Does This Matter for Me as a Customer?

FloQast has a dedicated Application Security team focused on auditing changes made to our application. The team is involved in the design phase and conducts code reviews and penetration tests. To supplement these internal practices, FloQast also encourages and rewards independent researchers to find bugs in our application. By inviting researchers to audit our application, we greatly expand the number of skilled individuals assessing it and benefit from having it battle-tested every hour of the day using the latest techniques.

I’m a Security Researcher

If you want to report a bug, we have a public bug bounty program on HackerOne: https://hackerone.com/floqast. Reports for https://www.floqast.com will not be accepted. Only our core application https://*.eu.floqast.app/ is in scope. Please do not submit any reports through our Helpdesk or request a demo instance of our application through the “Book Now” button. Either of these actions will result in forfeiture of any possible bounty.

AI at FloQast

FloQast’s AI Principles and Ethical Standards

Stakeholder Engagement

We ensure ongoing stakeholder engagement in our AI ethical practices through a leadership-sponsored program and review process. Our dedicated AI Committee and key stakeholders collaborate to guide the responsible development and governance of AI across the organization.

Continuous Improvement

We foster continuous improvement through clear communication channels, a strong compliance culture, and iterative R&D practices. Our teams stay ahead of trends by sharing insights, leveraging state-of-the-art technology, and ensuring alignment with our AI principles to drive innovation responsibly and effectively.

Ethics and Accountability

We commit to ethical AI development and use through 6 guiding principles that ensure our AI systems are responsible, transparent, and aligned with our values and stakeholder expectations.
• Risk Identification and Mitigation
• Patterns of Misuse
• AI Governance and Risk Management Policies
• Robust Security Controls
• International Technical Standards
• Data Input Measures and Protections

Risk Management and Information Security

We prioritize risk management and security through robust programs that underpin our AI Management System and align with industry-leading frameworks. We conduct annual risk assessments following ISO methodologies and ensure our AI practices meet rigorous standards for security and privacy.

Governance and Integrity

We uphold governance and integrity through a comprehensive Data Governance program designed to classify, manage, and protect data effectively. This ensures responsible data use and alignment with our commitment to ethical and transparent practices.

Customer Trust and Confidence

We prioritize customer trust with rigorous internal programs validated by third-party attestations. Our commitment ensures customers can confidently rely on our platform for processing their most sensitive data.