Security & Privacy at Flint

Certifications

Flint obtained SOC 2 Type II compliance in January 2025. Our SOC 2 Type II report is available by emailing support@flint.cc.

Security Policies

  1. Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

  2. Security controls should be implemented and layered according to the principle of defense-in-depth.

  3. Security controls should be applied consistently across all areas of the organization.

  4. The implementation of policies should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Data Protection

  1. Data at Rest
    All datastores with customer data are encrypted at rest.

  2. Data in Transit
    Flint uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server TLS keys and certificates are managed by our cloud provider and deployed via Application Load Balancers.

  3. Secret Management
    Application secrets are encrypted and stored securely via our cloud provider’s Secrets Manager and Parameter Store, and access to these values is strictly limited.

Product Security

  1. Vulnerability Scanning
    Flint requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):

    • Static analysis (SAST) testing of code during pull requests and on an ongoing basis

    • Software composition analysis (SCA) to identify known vulnerabilities in our software supply chain

    • Malicious dependency scanning to prevent the introduction of malware into our software supply chain

Data Privacy

  1. At Flint, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive data.

  2. View Flint’s Privacy Policy

If you have any questions about Security & Privacy at Flint, please contact us at: security@flint.cc