Log inGet started

Trust

Security and trust at Reqflo

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Reqflo is built for API validation workflows where teams need careful handling of environments, credentials, execution data, and shared validation assets.

Principles

Security principles

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.

01

Least necessary data

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Reqflo should avoid collecting or storing data that is not needed to operate validation workflows.

02

Secrets-aware workflows

Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Reqflo should distinguish between reusable configuration and sensitive secret values.

03

Scoped execution

Ut enim ad minim veniam, quis nostrud exercitation. Runs should be scoped to the relevant account, environment, runner, and user permissions.

04

Clear team access

Duis aute irure dolor in reprehenderit in voluptate. Shared assets should be governed through account and team roles rather than ad hoc direct access.

Founder / security review required. Lorem ipsum placeholder. Confirm exact encryption, masking, logging, and retention behavior before finalizing this section.

Secrets & environment values

How sensitive values are handled

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Reqflo is designed to support secrets-aware API validation workflows. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  • Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris.
  • Sensitive values should not be exposed in public UI surfaces.
  • Where supported, local execution can keep environment values close to local workflows.

Execution

Local, cloud, and CI runners

local

Local runner

Lorem ipsum dolor sit amet. Useful when teams want validation to execute close to local and dev environments.

cloud

Cloud runner

Consectetur adipiscing elit. Useful for managed execution, team visibility, and repeatable validation runs.

ci

CI runner

Sed do eiusmod tempor. Useful for release checks and pipeline evidence across build and deploy stages.

Access control

Account and team roles

  • Account and team-based access.
  • Roles and admin management.
  • Shared resources governed by scope.
  • Roadmap items, clearly marked as future.

Data retention

What we keep, and for how long

run_history
Lorem ipsum — retained according to plan and product configuration.
sensitive_data
Consectetur adipiscing — retention should be minimized.
ga_status
Sed do eiusmod — details finalized before general availability.

Infrastructure & vendors

Subprocessors

Lorem ipsum dolor sit amet. Reqflo's infrastructure and subprocessors will be documented before general availability.

Responsible disclosure

Report a vulnerability

Consectetur adipiscing elit. If you believe you've found a security issue, get in touch and we'll respond.

Contact security

This page is provided for product transparency and is not a certification or compliance report.