Security

Infrastructure

• Hosted on Vercel (frontend) and Amazon Web Services (database, storage)
• PostgreSQL database on AWS RDS with encryption at rest
• All data transmitted over HTTPS (TLS 1.2+)
• Media files stored in encrypted S3 buckets

Authentication

• OAuth 2.0 via Google, Discord, and email magic links
• We never store passwords — authentication is delegated to trusted identity providers
• Session tokens are HTTP-only, secure, and short-lived

Payments

All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never see or store your full card number.

Data Access

• Production database access is restricted to authorized team members only
• Your workflows are private by default
• Shared workflows use permission-based access (view-only or edit)
• API secrets stored in workflows are encrypted at rest

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly to [email protected]. We appreciate your help keeping Wireflow safe.