
Security at Flexivity AI

Flexivity AI is built around a simple idea: the best way to protect sensitive data is to avoid holding it in the first place. Personally identifiable information is scrubbed from ticket content before it reaches our cloud, our AI models, or our databases. Everything else — encryption, access controls, monitoring, and compliance — is built on top of that foundation.

This page is a plain-language summary. If you are evaluating Flexivity AI and need architectural detail, we share a comprehensive Security & Trust Overview under NDA — see Request the full overview below.

Our approach

Privacy by default. Personally identifiable information is detected and scrubbed from ticket content before it enters our processing pipeline. We use Microsoft Presidio to detect names, email addresses, phone numbers, physical addresses, account numbers, and other common PII categories. Only scrubbed, placeholder-substituted data is persisted.

Defense in depth. No single control protects your data on its own. Authentication, encryption, network isolation, PII scrubbing, and automated tenant isolation each provide independent layers. Critical controls are enforced by automation, not convention.

Minimum credential footprint. We don’t store customer helpdesk passwords or long-lived helpdesk API keys. The secrets we do hold — signing keys, OAuth tokens, and similar — are stored in AWS Secrets Manager, customer-revocable, and used only where they are strictly required.

What this means in practice

Your ticket content stays scrubbed. Raw ticket content with PII is never written to Flexivity AI storage. If you use our on-premise deployment option, raw PII does not leave your network at all.

Everything runs on AWS. Flexivity AI is hosted entirely on Amazon Web Services. All data storage, all processing, and all AI model inference happen inside our AWS environment. Customer data does not traverse third-party services outside AWS.

AI models never see your PII. We use large language models hosted on Amazon Bedrock within our AWS account. Models process only scrubbed text. Per Bedrock’s terms, prompts and completions are not used to train or improve foundation models and are not shared with model providers.

You control your data. Per-ticket deletion is supported for right-to-erasure requests. Customer administrators can rotate credentials themselves. Upon termination, customer data is deleted within 30 days. Data residency is in the United States, with additional regions available on request.

Availability is tracked publicly. We publish real-time service status and incident history at status.flexivity.ai. You can subscribe to updates via RSS.

Multi-tenant isolation is enforced, not just documented. Every database query against multi-tenant data is automatically validated to confirm appropriate tenant scoping. Queries missing the required isolation filter fail integration tests and trigger alerts in production — so tenant isolation is a system property, not a coding discipline.
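
One way a check of this kind can work, shown as an added example that is not Flexivity AI's code: a wrapper around SQLite asks the database which tables a statement touches and refuses any statement on a tenant table that lacks a bound tenant_id filter. The table names, the :tenant_id parameter, ScopedDB, the alert hook, and the sample rows are assumptions made for the illustration.

```python
import re
import sqlite3

# Assumption: tables holding rows for many tenants, each with a tenant_id column.
TENANT_TABLES = {"tickets", "comments"}
# Required filter: equality bound to the :tenant_id parameter, never a literal.
SCOPE = re.compile(r"\btenant_id\s*=\s*:tenant_id\b", re.IGNORECASE)
CHECKED = {sqlite3.SQLITE_READ, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}

class TenantScopeError(Exception):
    """A statement touches tenant data without the tenant filter."""

class ScopedDB:
    def __init__(self, conn, alert=lambda sql, tables: None):
        self.conn, self.alert = conn, alert
        self._seen = set()    # filled by the authorizer while SQLite compiles
        self._tables = {}     # SQL text -> tenant tables it reads or modifies
        conn.set_authorizer(self._authorize)

    def _authorize(self, action, arg1, arg2, dbname, source):
        # Called for every table a statement touches, including tables
        # reached through subqueries and views.
        if action in CHECKED and arg1 in TENANT_TABLES:
            self._seen.add(arg1)
        return sqlite3.SQLITE_OK

    def tenant_tables(self, sql, params):
        if sql not in self._tables:  # analyse each statement text once
            self._seen = set()
            # EXPLAIN compiles the statement without running it.
            self.conn.execute("EXPLAIN " + sql, params).fetchall()
            self._tables[sql] = frozenset(self._seen)
        return self._tables[sql]

    def execute(self, sql, params):
        tables = self.tenant_tables(sql, params)
        # Text heuristic: one bound filter per tenant table. It catches a
        # forgotten filter, not a deliberately wrong one.
        if len(SCOPE.findall(sql)) < len(tables):
            self.alert(sql, sorted(tables))  # production: raise an alert
            raise TenantScopeError(f"unscoped access to {sorted(tables)}")
        return self.conn.execute(sql, params)

def demo_db():
    """Constructed sample data: two tenants, one ticket each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER, tenant_id TEXT, subject TEXT)")
    conn.executemany("INSERT INTO tickets VALUES (?, ?, ?)",
                     [(1, "acme", "[EMAIL] cannot log in"), (2, "globex", "refund")])
    conn.execute("CREATE VIEW open_tickets AS SELECT * FROM tickets")
    return ScopedDB(conn)
```

In an integration test the raised TenantScopeError fails the build; in production the same hook feeds alerting. Because the table list comes from SQLite's own compilation step, a query that reaches tickets through the open_tickets view is caught as well.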

Compliance

We maintain a SOC 2 readiness posture across the Trust Services Criteria for Security, Availability, and Confidentiality. SOC 2 Type 1 attestation is in preparation. The controls that will be attested — encryption, access management, vulnerability scanning, network isolation, automated backups, logging, and incident response — are already in place and operating.

Flexivity AI implements privacy-supporting controls including PII minimization by design, targeted data deletion, and regional data residency.

Request the full overview

For prospects, customers, and security teams that need architectural and control detail beyond what is summarized here, we maintain a comprehensive Security & Trust Overview. It covers the full authentication surface across our integrations, infrastructure architecture, PII redaction pipeline, audit logging, incident response, subprocessor list, and SOC 2 control mapping.

Request the Security & Trust Overview

Email security@flexivity.ai with your name, company, and role. We respond within one business day with an NDA and, once executed, the current overview document.

For vulnerability disclosure, email the same address.

Contact

For security questions or to request the full overview: security@flexivity.ai
