The honest security page.
What we ship today, what we're working on, and what we're explicitly not doing yet. Because procurement teams deserve a real answer.
Shipped
What we have in production today.
TLS 1.3 everywhere
All web + API traffic over HTTPS. HSTS enabled. SSL Labs A+.
Encryption at rest
All customer data encrypted at rest on AWS RDS with managed keys.
Workspace isolation
Each workspace's competitive intel is logically isolated by tenant ID and enforced at every query.
Public-only scraping
We only scrape publicly accessible pages. No login flows, no paywalls, no PII.
security.txt
Responsible disclosure path published at /.well-known/security.txt.
Email auth
SPF, DKIM, and DMARC enforced on all outbound mail. BIMI in progress.
In progress
Where we're investing this year.
Each item below has a real ETA. We'll mark shipped on this page when they close.
SOC 2 Type II
Target Q4 2026
Auditor engagement underway. Type I report available on request.
GDPR DPA + SCCs
Available on request
Standard contractual clauses ready for EU customers.
SSO (SAML / OIDC)
Available on Business+
Google, Okta, Azure AD.
Audit logs + SCIM
Available on Business+
Tamper-evident audit logs + user provisioning.
On-prem / VPC
Enterprise · custom scope
Air-gapped deployments on AWS / GCP / Azure for regulated industries.
Responsible disclosure
Found something? Email security@qfloo.com or see our security.txt. We respond within 24 hours and credit researchers publicly with permission.
Ready when you are
See what changed. Know what to ship next.
Competitors move every week. QFLOO keeps a cited picture of the landscape next to your roadmap—so product and GTM stop recycling half-remembered stories.
- Every insight tied to a public URL you can audit
- Gaps ranked so roadmap reviews end with owners
- Workspace live in minutes — 7-day trial, no card
7-day free trial · No credit card · Cancel anytime