Security & compliance

How Warpflow protects your data with encryption, access controls, audit logging, and infrastructure security.

Your data is protected

Warpflow Signals is built for businesses that handle sensitive customer information. Whether you're a dental practice, law firm, or medical spa, your data is protected by enterprise-grade security at every layer.

Encryption

In transit: All data moving between your browser, our servers, and connected integrations is encrypted using TLS 1.2+. This includes API calls, webhook payloads, and dashboard access.

At rest: All stored data (messages, contact information, routing configurations, and audit logs) is encrypted at rest using industry-standard encryption keys. Encryption is always on and cannot be disabled.

Data storage

  • All data is stored in US-based data centers
  • Data is isolated per tenant; your data is never mixed with another business's data
  • Database access requires authentication and is restricted to authorized services only

Access controls

Dashboard access: Protected by user authentication with session management. Each user logs in with their own credentials.

API access: API keys are stored encrypted and are never exposed in logs or error messages.

Integration tokens: OAuth tokens for connected services (GoHighLevel, etc.) are stored encrypted and refreshed automatically.

Role-based access: Team members can be assigned roles that limit what they can view and configure.

Audit logging

Every significant action is logged:

  • Signal processing events: when messages are received, classified, routed, and responded to
  • Configuration changes: when routing rules, templates, or settings are modified
  • Access events: when protected data is viewed or exported
  • Signal Guard evaluations: every AI reply check is recorded with the recommendation and any violations

Audit logs can be exported as CSV or JSON for your compliance records. See the Signal Guard audit log tab for AI-specific compliance records.

PII handling

Warpflow automatically detects personally identifiable information (PII) in messages:

  • Detection: Incoming messages are scanned for patterns like phone numbers, email addresses, social security numbers, and health information
  • Protection: Detected PII is flagged and handled according to your tenant's compliance tier
  • Signal Guard: Signal Guard prevents AI replies from echoing back sensitive information that was shared in inbound messages

For healthcare businesses with HIPAA requirements, enhanced PII scanning is enabled automatically. See HIPAA Compliance for details.

Data retention and deletion

  • Signal data and audit logs are retained according to your plan's retention policy
  • You can request data deletion by contacting support@warpflow.ai
  • When a tenant is deactivated, all associated data is scheduled for deletion

Infrastructure security

  • Hosted on enterprise cloud infrastructure with SOC 2 compliant data centers
  • Network isolation between tenants
  • Automated security patching and monitoring
  • DDoS protection and rate limiting on all API endpoints
  • API error sanitization: error responses never expose stack traces, internal resource identifiers, account IDs, or internal file paths. All 5xx errors return a generic error message to the client while full details are logged internally for debugging.

Questions?

For security questions or to request documentation for your compliance team, email support@warpflow.ai.
