> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neoflo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security at Neoflo: Enterprise-Grade Data Protection

> Neoflo is built for enterprise security — SOC 2 Type II, ISO 27001, GDPR, and CCPA compliant with 256-bit encryption and full audit trails.

Neoflo processes sensitive financial and operational data on your behalf, which means security is foundational to everything we build — not an afterthought bolted on at the end. From the moment data enters our platform to the moment it is deleted, every interaction is encrypted, logged, and governed by strict access controls. Our security posture is validated by independent third-party audits and continuously maintained through regular penetration testing and automated monitoring.

## Core Security Principles

Neoflo's security model is built on four pillars that apply across every deployment option and every customer environment.

* **Encryption everywhere**: All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. There are no unencrypted data paths.
* **Role-based access control**: Access to your data — both for your team and for Neoflo staff — is governed by least-privilege roles. No one sees more than they need to.
* **Complete audit logging**: Every action taken on your data is recorded in a tamper-evident audit trail. You can review, export, and reference logs at any time.
* **Regular penetration testing**: Neoflo engages independent security firms to conduct penetration tests on a regular cadence, validating our controls against real-world attack scenarios.

## Deployment Options

Neoflo offers two deployment models to match your organisation's data residency, compliance, and infrastructure requirements.

### Managed Cloud

Neoflo's managed cloud is a hosted, multi-tenant environment operated by Neoflo. Your data is logically isolated from other customers using strict tenancy controls. The environment is SOC 2 Type II certified, continuously monitored, and maintained by Neoflo's security team — so you get enterprise-grade protection without managing infrastructure yourself.

### Customer VPC

For organisations with stricter data residency or sovereignty requirements, Neoflo can deploy entirely within your own cloud environment — AWS, GCP, or Azure. In this single-tenant configuration, your data never leaves your infrastructure. You retain full control over networking, access policies, and data boundaries, while Neoflo's agents and automation layer run inside your perimeter.

<Note>
  For customers with strict data residency or sovereignty requirements, the Customer VPC deployment option is recommended. Your data never leaves your cloud environment, giving you complete control over where it lives and who can access it.
</Note>

## Key Security Features

<CardGroup cols={2}>
  <Card title="256-bit Encryption" icon="lock">
    AES-256 encryption protects all data at rest. TLS 1.2+ secures all data in transit across every connection, including ERP integrations and API calls.
  </Card>

  <Card title="SOC 2 Type II" icon="shield-check">
    Neoflo is SOC 2 Type II certified, covering security, availability, and confidentiality controls — audited annually by an independent third party.
  </Card>

  <Card title="ISO 27001" icon="certificate">
    Our information security management system is ISO 27001 certified, meeting the international standard for risk assessment, controls, and continuous improvement.
  </Card>

  <Card title="Complete Audit Trail" icon="list-check">
    Every action taken on your data is captured in a full audit trail. Logs are tamper-evident, exportable, and available for your compliance and governance reviews.
  </Card>

  <Card title="Role-Based Access Control" icon="users">
    Granular roles let you control exactly who on your team can view dashboards, access reports, and manage integrations — with no more access than necessary.
  </Card>

  <Card title="Regular Penetration Testing" icon="bug">
    Independent security firms test Neoflo's infrastructure and application layer regularly, identifying and remediating vulnerabilities before they become risks.
  </Card>
</CardGroup>

## Learn More

Dive deeper into how Neoflo handles your data and the certifications we maintain:

* [Data Handling and Privacy](/security/data-handling) — how Neoflo ingests, processes, stores, and deletes your data
* [Compliance Certifications](/security/certifications) — SOC 2 Type II, ISO 27001, GDPR, and CCPA details
