Skip to main content
Neoflo maintains a rigorous set of industry-standard certifications and compliance frameworks so that enterprise customers can place data in our hands with confidence. Every certification we hold is independently verified, regularly renewed, and available for review by your security and legal teams. Whether you need to satisfy your own internal audit requirements or demonstrate compliance to regulators, Neoflo’s certifications are designed to support you.

Certifications and Compliance Frameworks

SOC 2 Type II

Neoflo is SOC 2 Type II certified across the security, availability, and confidentiality trust service criteria. Our controls are audited annually by an independent, accredited third-party auditor. The Type II designation confirms that our controls were not just designed correctly — they operated effectively over the full audit period.

ISO 27001

Neoflo is certified to ISO 27001, the international standard for information security management systems (ISMS). Our certification covers risk assessment and treatment, security control implementation, and a structured programme of continuous improvement — ensuring our security posture evolves alongside emerging threats.

GDPR

Neoflo complies with the EU General Data Protection Regulation. We provide Data Processing Agreements (DPAs) to document our obligations as a data processor, support data subject rights (access, erasure, portability), and offer EU data residency options so your personal data stays within the region you specify.

CCPA

Neoflo complies with the California Consumer Privacy Act. We operate as a service provider — not a data broker — and do not sell consumer personal information under any circumstances. We support your obligations to respond to consumer rights requests for access, deletion, and opt-out.

256-bit Encryption

All data stored on Neoflo infrastructure is encrypted using AES-256. All data in transit — including ERP connections, API calls, and file transfers — is encrypted using TLS 1.2 or higher. There are no unencrypted data paths anywhere in the platform.

VPC / SaaS Deployment

Neoflo offers flexible deployment to meet your data residency requirements. Choose our SOC 2 compliant managed cloud, or deploy within your own AWS, GCP, or Azure VPC for single-tenant, dedicated infrastructure where your data never leaves your environment.

Requesting Compliance Documentation

Your security and legal teams can request the following compliance documents directly from Neoflo:
  • SOC 2 Type II report: Full report from our most recent annual audit, covering security, availability, and confidentiality controls
  • ISO 27001 certificate: Current certificate confirming our ISMS meets the requirements of ISO 27001
  • Data Processing Agreement (DPA): Standard or custom DPA for GDPR compliance, documenting how Neoflo processes personal data on your behalf
To request any of these documents, contact us at hello@neoflo.ai. Our team will respond promptly and can accommodate custom NDA or legal review processes.
Compliance reports and certifications are made available under NDA for enterprise customers. If you have existing confidentiality agreements in place with Neoflo, those may already cover the exchange of compliance documentation — check with your account team.

Continuous Compliance

Certifications are not a one-time achievement — they require sustained effort to maintain. Neoflo’s security programme includes:
  • Annual penetration testing: Independent security firms conduct penetration tests against Neoflo’s infrastructure and application layer on an annual basis, with critical findings addressed on an accelerated remediation timeline.
  • Regular internal and external audits: In addition to certification audits, Neoflo conducts internal security reviews throughout the year to identify and address gaps before they become vulnerabilities.
  • Continuous security monitoring: Neoflo’s infrastructure is monitored around the clock for anomalous activity, intrusion attempts, and policy violations. Alerts are triaged by our security team in real time.
  • Vendor and supply chain reviews: Third-party vendors with access to Neoflo systems are assessed against our security requirements before onboarding and reviewed on an ongoing basis.
If you are a procurement or security team evaluating Neoflo, we are happy to complete your vendor security questionnaire. Reach out to hello@neoflo.ai and we will assign a security contact to work with you directly.