Technical and Security Measures

Version dated: 31 July, 2025

Flodesk, Inc. (“Flodesk”) is a U.S. company that provides email marketing services.  Flodesk believes that security is central to maintaining customer trust and delivering our services.  

Flodesk takes a number of steps to protect customer data.  

Data Protection

Data at Rest: Data stored in databases and storage systems is encrypted using AES-256 encryption.

Data in Transit: We enforce TLS for all data transfers to ensure secure communication.

Data Backup: Regular encrypted backups are maintained and tested for restoration to protect against data loss.

Application Security

Vulnerability Scanning: Continuous automated scans are performed to detect known vulnerabilities in dependencies and application code.

Enterprise Security

Workforce Identity Access Management: We enforce strict identity and access controls through Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access to ensure only authorized personnel can access internal systems.

Endpoint Protection: All employee devices are monitored and protected with up-to-date endpoint security tools.

Security Training: Our team completes ongoing security awareness training to stay informed on best practices and evolving threats.