Trust Center
FlowManual is a document analysis platform for construction contractors. We treat your contracts, quotes, and invoices as the sensitive business records they are. Your data is encrypted, scoped to your own account, and never used to train anyone’s models. This page describes what the product does today, with anything not yet in place marked as roadmap.
Roadmap: single sign-on (SAML) and directory-based provisioning.
Every read and every write is scoped to your account and your projects. One company’s documents are never visible to another. There is no shared workspace and no cross-tenant lookup.
When you run document analysis, only the extracted plain text is sent to the analysis provider, under a zero-retention, no-training policy. Your original files are never transmitted. We do not sell your data and we do not use your document content for advertising.
The hosted service runs on a small, well-scoped set of providers. Each processes data only for the purpose listed below.
| Provider | Purpose | Region |
|---|---|---|
| DigitalOcean | Hosting and encrypted file storage | United States |
| Anthropic | Text-only document analysis, zero retention, no training | United States |
| Resend | Transactional and verification email | United States |
Before every document analysis call, we record an entry in a keyed activity log: the timestamp, the user, the document, the operation, the number of bytes sent, and a keyed HMAC-SHA-256 hash of the prompt. The hash lets the log be verified without storing the full prompt text, and the keyed signature makes entries tamper-resistant.
We collect no telemetry and run no tracking of any kind. There is no analytics vendor and no phone-home mechanism in the product.
We do not display badges or certifications we have not yet earned.
Data is protected by encrypted backups with a defined recovery process. A public status page is planned.
If you believe you have found a security issue, please report it to security@flowmanual.com. We will acknowledge your report and keep you updated as we investigate. Our contact details are also published at /.well-known/security.txt.
A security overview and our data processing terms are available on request. Email security@flowmanual.com and tell us what your review process needs.
Hosted cloud is the default and fits almost every customer. For organizations whose policy requires the software to run inside their own environment, a self-hosted deployment is available: the same product in a Docker container on your own server, with your files and encryption key staying on your infrastructure.