Platform / Trust Center

Assurance and Reliability are Essential

At FloQast, trust is woven into the fabric of everything we do. We deploy industry-leading safeguards to maintain the confidentiality, availability, and integrity of your data and our services.


We’re happy to offer the following resources to help your business validate its compliance requirements.

Third-Party Audits and Certifications

FloQast complies with a range of industry-standard certifications and authorizations. Check out which ones we’re compliant with.

Learn More

Compliance Resources

In addition to third-party audits, FloQast makes the following documents and resources available to meet our customers’ due diligence needs. 

Learn More

Our Customer FloQast Admins can access our Audit Reports and Compliance Resources directly within the FloQast application, while our Prospects can request a copy of our Audit Reports and Compliance Resources directly from their Account Executive.

Let us know if you have any questions by sending them to [email protected].

Third-Party Audits and Certifications

SOC 1 Type 2

FloQast certifies its systems annually to AICPA SOC 1 Type 2, successfully auditing FloQast’s controls relevant for the financial reporting of our customers.

SOC 2 Type 2

FloQast certifies its systems annually to AICPA SOC 2 Type 2, successfully auditing the operational and security processes of our services and our company. 

ISO 27001

FloQast is ISO 27001 certified, proving our expertise in securely managing information technology systems.

ISO 27701

FloQast is ISO 27701 certified, proving our expertise in managing privacy information.

Compliance Resources

  • FloQast Product Security FAQ

    The Product Security FAQ provides a data flow diagram and frequently asked questions related to integrations and data handling.

  • SOC 3

    At FloQast, we understand the importance of trust in today's digital landscape, and that's why we've gone the extra mile to obtain a SOC 3 report. This report provides a high-level overview of our commitment to data protection, making it easily accessible for those who rely on our services.

    Feel free to reach out if you have any questions or would like more information about our SOC 3 report and our commitment to safeguarding your data.

  • Compliance Report Bridge Letters

    Bridge letters (also known as gap letters) are made available by FloQast to cover the period of time between the end date of the SOC reports and the current date.

  • FloQast ISO 27001 Statement of Applicability

    FloQast makes our ISO 27001 Statement of Applicability available to customers upon request. The Statement of Applicability states the Annex A controls that FloQast has determined to be necessary for mitigating information security risk and any Annex A controls that have been excluded.

  • Third Party Penetration Test

    FloQast engages specialist security consulting firms to complete penetration tests on high risk products and infrastructure annually.

  • FloQast’s Privacy and Security Policies

    FloQast shares our internal privacy and security policies with our customers for full transparency over how we protect and secure our customers’ data.


When you use FloQast, you’re trusting us with your information. This is a big responsibility, so we work hard to protect your information and put you in control.


Our Privacy Principles and Data Management Standards

  • Transparency

    We will be transparent about what data we collect, why we collect it, and how it’s used. For more information on our privacy practices, visit our Privacy Policy.

  • Accountability

    FloQast is committed to protecting personal information. Every employee at FloQast is trained on protecting personal information we control or process. 

  • Choice and Consent

    Whether you are a customer or website visitor, we put you in control by disclosing how we collect personal information and the rights you may have to opt-in or opt-out of our data collection practices.

  • Security Safeguards

    FloQast maintains technical, administrative, and organizational measures designed to prevent accidental destruction, loss, alteration, and protect against unlawful processing of and unauthorized access to personal information.

  • Privacy Rights

    FloQast has processes to help ensure that requests for access, deletion, and portability can be responded to appropriately and in a timely manner.

  • Privacy-by-Design

    Privacy-by-design is a critical component of a proactive privacy program. Our compliance team frequently reviews the product roadmap and provides privacy guidance. Among other practices, FloQast leverages data minimization to help ensure personal data is accurate, complete and only processed to the extent to which it is necessary to meet the specified purposes.


Our clients entrust FloQast with their data, and as such, it is our mission to deliver features that provide resilience, confidence, and trust in our platform. We believe in scaling security through software engineering best practices and automation. We are proud to say that we have invested heavily in our security team and will continue to invest in our team, tooling and our developers who are pushing new features to our customers continuously.

Application & Data Security

FloQast upholds industry leading cyber security practices

Learn More

Multi-Layered Authentication

FloQast employs a multi-layered authentication process to ensure only authorized personnel can access sensitive data and systems

Learn More

Secure Software Development

FloQast ensures security is designed into our product through our secure software development process

Learn More

Incident Detection and Response

FloQast has a comprehensive incident response program in place to minimize the impact of security incidents and ensure a prompt and effective response

Learn More

Bug Bounty Program

As part of FloQast's ongoing commitment to protecting Customer Data we maintain a bug bounty program that facilitates the efforts of white-hat hackers around the world

Learn More

Application & Data Security

  • Vulnerability Management

  • Penetration Testing

  • Encryption

  • System Hardening

  • Network Segmentation

  • Firewalls

  • Antivirus

Multi-Layered Authentication

  • Strong Access Controls

  • Segregation of duties

  • Multi-Factor Authentication

  • User Access Reviews

  • Security Key Management

Secure Software Development

  • Input Validation

  • Real-Time Code Analysis

  • Output Encoding

Incident Detection and Response

  • Real-time security events monitoring and alerting

  • Incident Response Planning

  • Intrusion Detection and Prevention Systems (IDP/IDS)

Bug Bounty Program

  • Why does this matter for me as a customer?

    FloQast has a dedicated Application Security team focused on auditing changes made to our application. The team is involved in the design phase, conducts code reviews and pentest. To supplement all of these internal practices, FloQast also encourages and rewards independent researchers to find bugs in our application. By inviting researchers to audit our application we greatly expand the number of skilled individuals assessing our application and benefit from having our application battle tested every hour of the day using the latest techniques out there.

  • I’m a Security Researcher

    If you want to report a bug, we have a public bug bounty program on HackerOne: Any reports for will not be accepted. Only our core application https://* is in-scope. Please do not submit any reports through our Helpdesk or request a demo instance of our application through the “Book Now” button. Either of these actions will result in forfeit of any possible bounty.

We're Hiring!

At FloQast we’re always looking to have top talent join our security team. Go check out the open Security roles we have available. If we don’t have a role open that matches perfectly, that’s okay – we’re growing quickly and would still like to hear from you.

View Positions