Certifications and Compliance Frameworks
SOC 2 Type II
Neoflo is SOC 2 Type II certified across the security, availability, and confidentiality trust service criteria. Our controls are audited annually by an independent, accredited third-party auditor. The Type II designation confirms that our controls were not just designed correctly — they operated effectively over the full audit period.
ISO 27001
Neoflo is certified to ISO 27001, the international standard for information security management systems (ISMS). Our certification covers risk assessment and treatment, security control implementation, and a structured programme of continuous improvement — ensuring our security posture evolves alongside emerging threats.
GDPR
Neoflo complies with the EU General Data Protection Regulation. We provide Data Processing Agreements (DPAs) to document our obligations as a data processor, support data subject rights (access, erasure, portability), and offer EU data residency options so your personal data stays within the region you specify.
CCPA
Neoflo complies with the California Consumer Privacy Act. We operate as a service provider — not a data broker — and do not sell consumer personal information under any circumstances. We support your obligations to respond to consumer rights requests for access, deletion, and opt-out.
256-bit Encryption
All data stored on Neoflo infrastructure is encrypted using AES-256. All data in transit — including ERP connections, API calls, and file transfers — is encrypted using TLS 1.2 or higher. There are no unencrypted data paths anywhere in the platform.
VPC / SaaS Deployment
Neoflo offers flexible deployment to meet your data residency requirements. Choose our SOC 2 compliant managed cloud, or deploy within your own AWS, GCP, or Azure VPC for single-tenant, dedicated infrastructure where your data never leaves your environment.
Requesting Compliance Documentation
Your security and legal teams can request the following compliance documents directly from Neoflo:- SOC 2 Type II report: Full report from our most recent annual audit, covering security, availability, and confidentiality controls
- ISO 27001 certificate: Current certificate confirming our ISMS meets the requirements of ISO 27001
- Data Processing Agreement (DPA): Standard or custom DPA for GDPR compliance, documenting how Neoflo processes personal data on your behalf
Compliance reports and certifications are made available under NDA for enterprise customers. If you have existing confidentiality agreements in place with Neoflo, those may already cover the exchange of compliance documentation — check with your account team.
Continuous Compliance
Certifications are not a one-time achievement — they require sustained effort to maintain. Neoflo’s security programme includes:- Annual penetration testing: Independent security firms conduct penetration tests against Neoflo’s infrastructure and application layer on an annual basis, with critical findings addressed on an accelerated remediation timeline.
- Regular internal and external audits: In addition to certification audits, Neoflo conducts internal security reviews throughout the year to identify and address gaps before they become vulnerabilities.
- Continuous security monitoring: Neoflo’s infrastructure is monitored around the clock for anomalous activity, intrusion attempts, and policy violations. Alerts are triaged by our security team in real time.
- Vendor and supply chain reviews: Third-party vendors with access to Neoflo systems are assessed against our security requirements before onboarding and reviewed on an ongoing basis.