Flowtriq Trust Center | Security, Privacy & Compliance
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance

Trust Center

Security · Privacy · Compliance · April 2026

Everything you need to evaluate Flowtriq as a vendor: our security architecture, compliance posture, privacy practices, and legal documentation — all in one place. Operated by traztech, a Canadian company.

GDPR

EU General Data Protection Regulation. Article-by-article mapping, data subject rights, lawful bases, and sub-processor list.

Implemented

NIS2 Directive

EU Network and Information Security Directive 2. How Flowtriq maps to Article 21 security measures for covered entities.

Full mapping

Data Flow Document

What data is transmitted, where it goes, which sub-processors handle it, and how long it is retained.

Published

EU Frameworks

ePrivacy Directive, DORA, Cyber Resilience Act, EU AI Act, German BDSG, Swiss nDSG, and ISO 27001 controls alignment.

Published

PIPEDA (Canada)

Canada's federal privacy law. The 10 fair information principles mapped to Flowtriq's practices. Includes CASL note.

Implemented

SOC 2 / PCI / HIPAA

Compliance brief covering SOC 2 Type II, PCI-DSS 4.0, and HIPAA safeguard mappings for audit teams.

Published

Security Practices

Infrastructure, encryption, access control, audit logging, application security, and vulnerability disclosure.

Published

Incident Response

How Flowtriq detects, contains, and communicates security incidents — timelines, notifications, and breach register.

Published

Business Continuity

Uptime SLA, infrastructure redundancy, disaster recovery, maintenance windows, and the agent-first availability model.

Published

Sub-Processors

Current list of third-party data processors, their locations, purposes, and applicable transfer mechanisms.

Published

Cookie Policy

Every cookie Flowtriq sets: name, purpose, duration, and category. Strictly necessary, functional, and analytics.

Published

Data Retention

How long each category of data is kept, when it is deleted, and what legal obligations extend the timeline.

Published

Vulnerability Disclosure

Responsible disclosure policy: scope, process, safe harbor, and how to report a security finding.

Published

Compliance Status Overview

RequirementStatusNotes
Privacy Policy (GDPR Art. 13/14) Implemented Published at flowtriq.com/legal, effective March 10, 2026.
Data Processing Agreement (DPA) Implemented Published at flowtriq.com/legal, effective March 18, 2026. Available for customer execution.
Data Subject Rights Handling Implemented 30-day response SLA. Access, erasure, portability, and rectification via [email protected].
Data Center Location Implemented Primary application servers located in Canada. See Data Flow document.
Encryption in Transit (TLS) Implemented HTTPS enforced across all surfaces. HSTS with one-year max-age.
Access Control (GDPR Art. 32, NIS2 Art. 21) Implemented RBAC with 4 roles. TOTP + email 2FA. Session management with secure cookies.
Audit Logging (GDPR Art. 32, NIS2 Art. 21) Implemented Tamper-evident SHA-256 hash-chained audit log. All user and system actions recorded.
Sub-processor Data Protection Implemented All sub-processors have data protection obligations. DPF-certified processors include Stripe, Google, Cloudflare, and LinkedIn. Full list in Data Flow document.
NIS2 Article 21 Security Measures Substantially met Incident detection, RBAC, cryptography, MFA, logging, and business continuity controls all implemented. Full mapping on NIS2 page.
PIPEDA Compliance Implemented Flowtriq is a Canadian company (traztech). All 10 fair information principles addressed. See PIPEDA page.
ISO 27001 Controls Alignment Strong alignment Substantial Annex A controls implemented: RBAC, MFA, audit logging, TLS, encrypted credentials, incident detection. See EU Frameworks page.
Questions about Flowtriq's compliance posture?
For enterprise procurement, DPA execution, or vendor security questionnaires, contact [email protected]. For data subject requests, contact [email protected].
Enterprise procurement?
For vendor questionnaires, DPA execution, pen test report requests (NDA required), or custom security reviews, contact [email protected]. For data subject requests: [email protected].
Flowtriq, a brand of traztech · flowtriq.com · April 2026
This Trust Center is for informational purposes only and does not constitute legal advice. Compliance obligations depend on each organisation's specific circumstances.