iFlow

Data protection and IT security for the iFlow application

Data and information protection is an essential part of the services offered by the iFlow application. We have implemented and continue to develop technical and organizational measures to ensure the secure processing of information.

We undertake to comply with the regulations in force regarding the processing of personal data and, in particular, Regulation no. 2016/679 (General Regulation regarding the protection of personal data - GDPR).

Encryption & Anonymization

The personal data that the iFlow app transmits to a client or other platforms is encrypted using Transport Layer Security (TLS), especially HTTPS.

Confidentiality

iFlow uses international services (in the EU) to host its software. The data centers used are ISO / IEC 27001 certified.

Recoverability

iFlow backs up the entire database daily. The backup is started by the "cron" program (a "cron job") in the evening, when the application has a small number of active users.

General information on data protection

  • How do I report a security issue to iFlow?

Please send an e-mail to [email protected]
We suggest that the e-mail includes the following information (if applicable):

  • The URL where the problem was reported
  • The name of the affected company and user
  • The type of affected information
  • Information about the device and the operating system used
  • Information on how the problem can be reproduced

  • Does iFlow have a data protection officer?

iFlow has a data protection officer. When a problem arises, the person in charge takes over the notification, investigates, and offers an answer.
For questions regarding data protection at iFlow, you can contact us at [email protected]

  • How does iFlow ensure that employees respect data privacy?

All iFlow employees are required to maintain the confidentiality of data, and data protection in general, and are aware of the consequences of any breach. They signed a confidentiality agreement, which states what personal data is and what the consequences are.

  • What happens if there is a breach of data privacy on iFlow?

In the unlikely event of a data security breach at iFlow, if a customer's personal data is affected and the infringement is such as to pose a risk to the customer's rights and freedoms, iFlow will immediately notify the customer concerned, to enable them to fulfill their legal obligation to inform the regulatory authority and the persons concerned.

  • Has the application been developed in accordance with the provisions on data protection at the time of design?

Yes, data protection is an integral part of our strategy regarding products. Therefore, even in the development stage of our features, we carefully follow principles such as data economy and use state-of-the-art measures to ensure an adequate level of protection.

We have revised the default settings of the entire application and adapted them to provide the highest possible level of data protection, while ensuring ease of use, all based on GDPR.

In addition, the settings can generally all be adapted to the individual needs of the customer. To ensure this on an ongoing basis, we have also defined a process for permanently enforcing legal requirements in product development and application review.

  • Does the application comply with the General Data Protection Regulation of the European Union?

We are currently in conformity with the essential requirements of the EU GDPR. These include, in addition to the provisions of art. 25 of the EU GDPR on data protection by design and by default, supporting the client in respecting the rights of the persons concerned, such as the right to obtain the deletion of personal data, and the rights of access and portability of data (Chapter 3 of the EU GDPR).

This allows the customer to delete the applicants' data either automatically or manually, as well as to block or completely and securely delete the employees' data.

Encryption & Anonymization

  • Is the data encrypted for transmission?

Yes, any personal data that the iFlow application transmits to a client or other platforms must be encrypted using Transport Layer Security (TLS), especially HTTPS. This requires establishing a secure connection between the two communication partners (client and server) before any data can be transmitted.

To encrypt the database, we use the AES algorithm with a 256-bit key generated from a password with the SHA-256 algorithm, as implemented in "7zip".

Confidentiality & Integration

  • Where is the information stored?

iFlow uses the services of an international company located in Germany to host its software.

The data centers used are ISO / IEC 27001 certified and thus meet our high requirements for the physical security of our customers' data.

  • Who from iFlow and the service provider has access to customer information?

As a general rule, neither the data center staff nor the employees of the server company have access to your data.

Regarding iFlow, only our DevOps team (responsible for servers) and our technical team, as well as the customer support team (responsible for customer systems), will access the data when needed to help create an initial account, as well as for the processing of service requests. Access rights are granted on a need-to-know basis and are documented. In addition, access to customer systems is recorded.

  • How is user authentication performed in the application?

Access is granted only through personalized user accounts, each of which is clearly assigned to a person. In addition, there is the possibility to activate the 2 Factor Authentication function as an additional measure of account protection.

Registration requires a username and a password; the password must contain different characters: letters, numbers and special characters. In addition, we recommend that our customers use two-factor authentication to achieve a higher level of protection.

  • Who has access to what information - on the client's side?

Access rights are generally designed to meet the requirements of art. 24 of the EU GDPR on data protection by default. This means that all employees with newly created user accounts do not have default rights beyond editing their own profile. As a client, you can manage the granting of access rights according to your protocol.

Availability and capacity

  • What does iFlow do to ensure system availability?

To increase the security of the server, we chose not to communicate directly with all computers on the Internet, but to communicate through the proxy service "CloudFlare". This service provides protection against known attacks, including "Denial-of-service" attacks, and, most importantly, hides the location and real IP address of the server.

Recoverability

  • Who backs up the information and using what program?

iFlow will back up daily. The daily backup is started by the "cron job" program in the evening when the application has a small number of active users.

Database backups are stored exclusively in encrypted form. This means that it is not necessary for the beneficiary (client) to make their own backups. Periodic restoration tests are performed to ensure that the information has been stored correctly and can be restored if necessary.

Limitations

  • Who owns the information?

The customer is and remains the owner and operator of the data within the meaning of art. 24 of the EU GDPR. In particular, this means that the client is responsible for respecting the rights of persons concerned (Chapter 3 of the EU GDPR). iFlow is the data processor and, in this capacity, processes your data exclusively according to your instructions and for the purposes set out in the data processing agreement.

  • What happens to the information if the customer gives up iFlow services or if iFlow is no longer available?

Upon termination of the business relationship, the persons duly authorized by the customer may request the delivery of the data in a digital format.

30 days after the termination of the agreement, the data is deleted irretrievably, or it can be deleted on request within 2 working days. In the unlikely event that iFlow stops its services, this procedure will, in principle, remain unchanged, as the customer is the owner of the data and iFlow is only a data processor and will not dispose of such personal data in any other way.