Flowtriq Data Flow Document | What Data We Process & Where
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance
Trust Center

Data Flow Document

What data is processed, where, and by whom · Flowtriq · April 2026

Purpose of This Document

This document describes what personal and operational data Flowtriq collects, processes, and transmits, where that data is stored or forwarded, and which third-party processors are involved. It is intended for use by DPOs, procurement teams, and security reviewers conducting vendor assessments.

Flowtriq operates as a real-time DDoS detection and alerting platform. The core agent (ftagent) runs on the customer's own Linux servers and transmits network telemetry to the Flowtriq cloud platform for analysis, visualisation, and alerting.

Infrastructure Overview

ComponentDescriptionLocation
Flowtriq application platform Web dashboard, REST API, agent API, and billing portal. Runs on dedicated servers operated by traztech. Canada
Database All customer data, metrics, incidents, audit logs, and configuration stored in a relational database on the application server. Canada (same data center as application platform).
Cloudflare (CDN / Proxy) All inbound traffic to flowtriq.com is proxied through Cloudflare's global network before reaching the origin server. Cloudflare sees visitor IP addresses, request headers, and request content. Cloudflare operates a global network. EU traffic may be served from EU Cloudflare PoPs. Cloudflare is EU-U.S. DPF certified.
ftagent (on-premises) Lightweight Python agent installed on the customer's own Linux servers. Collects local network metrics and transmits them to the Flowtriq API. Runs on the customer's infrastructure. Data in transit to Flowtriq API over TLS.

Data Flows

Flow 1 — Website Visitor

Data generated when any person visits flowtriq.com without registering. All analytics and marketing tracking applies.

  1. Visitor browser connects to Cloudflare (CDN/proxy). Cloudflare logs IP address, request headers, and URL. Bot detection (Turnstile) may fingerprint the browser.
  2. Cloudflare forwards the request to the Flowtriq origin server. The server logs the IP address (via Cloudflare CF-Connecting-IP header).
  3. Browser loads Google Tag Manager (Google LLC, US), which fires Google Analytics 4 (pageviews, events, device type, approximate location) and Google Ads conversion tags.
  4. Browser loads LinkedIn Insight Tag (LinkedIn Corporation, US) — tracks page visits for ad attribution.
  5. Browser loads ContentSquare (ContentSquare SAS, France) — session analytics, scroll depth, and UX heatmaps.
  6. Browser loads Apollo.io (Apollo.io Inc., US) — identifies company-level visitors by IP for sales intelligence.
  7. Browser loads Tawk.to chat widget (Tawk.to Inc., US) — live support chat; logs chat transcripts if visitor initiates conversation.
  8. If the visitor completes the newsletter signup form, their email is sent to the Flowtriq server and stored in the application database. No third-party ESP is used for opt-in confirmation.

Flow 2 — Registered User (Dashboard)

Data generated during account creation and dashboard usage.

  1. User registers with email, name, and password. Password is hashed (bcrypt) before storage. The email address is stored in the Flowtriq application database.
  2. Account verification email is dispatched via Twilio SendGrid (Twilio Inc., US). SendGrid receives the recipient email address and email content.
  3. If 2FA is enabled: a TOTP secret is generated and stored (TOTP setup), or a one-time code is sent via email (SendGrid).
  4. Successful logins create a session. Session identifiers stored as a secure cookie. The user's IP address (via Cloudflare) is recorded in the audit log.
  5. Billing setup: customer is redirected to a Stripe (Stripe Inc., US) hosted payment page. Card data is collected by Stripe and never touches Flowtriq servers. Flowtriq stores only the Stripe customer ID and subscription ID.
  6. Dashboard requests are served from the Flowtriq application server. All queries and responses traverse Cloudflare.
  7. If the user configures an SMS notification channel, SMS messages are dispatched via TextBelt (TextBelt Inc., US). TextBelt receives the recipient phone number and message content.
  8. All user actions (logins, configuration changes, incident acknowledgements, API key creation) are written to the tamper-evident audit log on the Flowtriq server.

Flow 3 — Monitored Server (ftagent)

Data generated by the ftagent process running on the customer's Linux server.

  1. ftagent monitors the server's network interfaces. It collects: packets per second (PPS), bits per second (BPS), protocol distribution (TCP/UDP/ICMP percentages), and connection count — all aggregated counters with no payload content.
  2. Metric data is transmitted to the Flowtriq API over HTTPS (TLS). Authentication uses a per-node API key.
  3. Metrics are stored in the Flowtriq application database. They are associated with the customer's workspace and node record.
  4. If an anomaly is detected: ftagent generates an incident record containing attack family, severity, confidence score, peak PPS/BPS, estimated source IP count, geographic/ASN distribution of sources (percentages, not raw IP lists), and a spoofing/botnet flag. This is transmitted to the Flowtriq API and stored.
  5. If PCAP capture is enabled for the node: ftagent captures packet data from the ring buffer (pre-attack and during-attack traffic). Packet captures may contain IP header information (source/destination IPs) from the customer's network traffic. PCAP files are uploaded to the Flowtriq server and stored. They are available for download by the customer for up to 7 days (standard) or up to 365 days (enterprise).
  6. Threat intelligence: ftagent periodically pulls IOC (Indicator of Compromise) patterns from the Flowtriq API to match against observed source IPs.
  7. On incident detection, the Flowtriq platform dispatches alerts to the customer's configured notification channels. Alert content transits through: SendGrid (email alerts), TextBelt (SMS alerts), customer-configured Webhooks, or third-party services (Discord, Slack, PagerDuty, OpsGenie, Teams, Telegram, Grafana, DataDog, Prometheus) via direct HTTP calls from the Flowtriq server.

Sub-Processor List

The following third-party organisations process personal or operational data on behalf of Flowtriq or its customers. Last updated: April 2026.

ProcessorCountryPurposePersonal Data InvolvedTransfer Basis
Stripe, Inc. US Payment processing and subscription management Billing contact name, email, card details (collected by Stripe directly) EU-U.S. DPF
Twilio SendGrid US Transactional email (account, billing, alerts) Recipient email address, email content Contractual safeguards
Cloudflare, Inc. US / Global CDN, DDoS protection, bot detection (Turnstile), web performance IP addresses, request headers, HTTP requests for all flowtriq.com traffic EU-U.S. DPF
TextBelt, Inc. US Optional SMS alert delivery (only for users with SMS channels configured) Phone number, SMS message content Contractual safeguards
Google LLC US Website analytics (GA4), advertising conversion tracking (Google Ads) Pseudonymous device/browser identifiers, pageview data, approximate location, conversion events EU-U.S. DPF
LinkedIn Corporation US Ad attribution and audience analytics (LinkedIn Insight Tag) LinkedIn member IDs (for logged-in LinkedIn users), IP address, page visit data EU-U.S. DPF
ContentSquare SAS France (EU) User experience analytics — session replay metadata, heatmaps, journey analytics Pseudonymous session identifiers, page interactions, scroll events EU-based
Tawk.to, Inc. US Live chat support widget on all public pages IP address, pages visited, name/email/chat messages if visitor initiates chat Contractual safeguards
Apollo.io, Inc. US Website visitor intelligence for sales pipeline identification IP address, company-level identification, page visit behaviour Contractual safeguards
Sub-processor list: The current sub-processor list is maintained publicly at flowtriq.com/compliance/sub-processors. For questions about any sub-processor arrangement, contact [email protected].

Data Retention Summary

Data TypeRetentionDeletion
User account records Subscription lifetime + 90 days Pseudonymised on account deletion. Personal identifiers removed.
Billing records 7 years from last transaction Legal obligation. Not deletable on request alone.
Network traffic metrics (PPS/BPS) 30–365 days depending on plan Deleted automatically when retention window expires or on account deletion.
Incident records Retained for the lifetime of the account Deletable on customer request. Deletion removes associated PCAPs and analysis.
PCAP packet captures 7 days (standard); up to 365 days (enterprise) Auto-deleted at retention window expiry. Customers can delete immediately from dashboard.
Audit log entries 90 days (standard); 1 year (enterprise) Personal identifiers pseudonymised on account deletion to preserve chain integrity.
Session cookies 30-day idle timeout Revoked immediately on logout or password change.

What ftagent Does NOT Collect

To address common DPO concerns about network monitoring agents:

  • ftagent does not capture, store, or transmit the content (payload) of monitored network traffic, except in PCAP capture mode which is opt-in and customer-controlled.
  • ftagent does not collect keystrokes, application data, user credentials, or business data from monitored servers.
  • ftagent does not perform deep packet inspection beyond identifying protocol headers (TCP, UDP, ICMP) for attack classification.
  • ftagent collects network aggregate statistics (counts, rates, percentages) rather than individual connection records. Source IP counts are approximate; individual attacker IPs are not individually stored by default.
  • PCAP captures, when enabled, are retained on the Flowtriq server and accessible only to the customer workspace members with appropriate permissions. Flowtriq staff do not access PCAP contents without customer consent.
Data residency: Flowtriq's primary application servers and database are located in Canada. For data residency addendum requests, contact [email protected].
Flowtriq, a brand of traztech · flowtriq.com · April 2026
This document reflects Flowtriq's data flows as of April 2026. Third-party processor details are accurate to the best of our knowledge as of this date.