Flowtriq Incident Response | How We Handle Security Incidents
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance
Trust Center

Incident Response

How Flowtriq detects, responds to, and communicates security incidents · April 2026

Scope

This document describes how Flowtriq (traztech) responds to security incidents affecting the Flowtriq platform itself — including its web application, API, database, and supporting infrastructure. It is distinct from incident response for DDoS events detected on customer servers, which is handled automatically by the ftagent and described in the product documentation.

Detection & Monitoring

Flowtriq uses its own platform and additional controls to monitor for security incidents:

  • Tamper-evident audit log — SHA-256 hash-chained log of all user actions, configuration changes, and system events. Any modification to the log is detectable offline.
  • Cloudflare WAF & DDoS protection — network-level anomaly detection and threat intelligence at the edge for all inbound traffic.
  • ftagent on infrastructure — Flowtriq's own agent monitors the platform's servers for DDoS and network anomalies, the same way customers use it.
  • Session and authentication monitoring — unusual login patterns and IP changes are reflected in the audit log and can trigger review.
  • Dependency and vulnerability tracking — security advisories for platform dependencies are monitored; critical patches are applied with priority.

Response Timeline

Flowtriq follows a structured incident response lifecycle:

T+0 — Detection
Incident identified
An incident is declared when a security event is identified that may affect the confidentiality, integrity, or availability of customer data or the Flowtriq platform. The incident is assigned a severity level and an owner.
T+2 hours — Containment
Immediate containment measures applied
Affected systems are isolated or access is restricted. Credentials and API keys potentially affected by the incident are rotated. Cloudflare rules may be applied to block malicious traffic sources.
T+48 hours — Enterprise notification
Enterprise customers notified
For incidents involving a personal data breach, enterprise customers acting as data controllers are notified within 48 hours of Flowtriq becoming aware that their data may be affected. Notification is sent to the workspace owner's registered email address.
T+72 hours — Regulatory notification
Supervisory authority notified (if required)
Where the breach creates a real risk of harm to individuals, Flowtriq notifies the relevant supervisory authority (Office of the Privacy Commissioner of Canada, and applicable EU data protection authorities) within 72 hours as required by GDPR Art. 33 and PIPEDA.
As needed — Individual notification
Affected individuals notified
Where the breach is likely to result in high risk to individuals (GDPR Art. 34) or real risk of significant harm (PIPEDA), affected individuals are notified directly without undue delay. Notification includes a description of the breach, data involved, and steps individuals can take to protect themselves.
Post-incident — Review
Post-incident review and remediation
A root cause analysis is completed. Controls are improved to prevent recurrence. The incident is recorded in the internal breach register. Where appropriate, a post-incident summary is shared with affected customers.

Notification Commitments

NotificationRecipientTimelineChannel
Enterprise customer notification Workspace owner of affected accounts Within 48 hours of confirmed breach Email to registered workspace owner address
GDPR supervisory authority notification Relevant EU data protection authority Within 72 hours of becoming aware (GDPR Art. 33) Formal regulatory notification channel
OPC notification (Canada) Office of the Privacy Commissioner of Canada As soon as feasible (PIPEDA) OPC breach report portal
Affected individual notification Individuals whose data is at high risk Without undue delay after authority notification Direct email; platform notification if applicable
Platform status update All customers Within 2 hours for service-affecting incidents flowtriq.com/status and email to subscribed users

Breach Register

Flowtriq maintains an internal breach register documenting all security incidents, regardless of whether they meet the threshold for regulatory reporting. Each entry records:

  • Date and time the incident was detected and declared
  • Nature of the breach — the type of incident and how it occurred
  • Categories and approximate volume of personal data and individuals affected
  • Likely consequences of the breach
  • Measures taken to address the breach, including containment and remediation steps
  • Notifications sent — who was notified, when, and through which channel

The breach register is available to supervisory authorities and customers on request as part of demonstrable accountability under GDPR Art. 33(5).

Reporting a Security Issue

If you believe you have discovered a security vulnerability in the Flowtriq platform, please report it responsibly before disclosing publicly. We take all reports seriously and will acknowledge your message within 2 business days.

Security contact: [email protected]
For platform availability incidents visible to you as a customer, check flowtriq.com/status first. For suspected data breaches affecting your account, contact [email protected] and [email protected].
Flowtriq, a brand of traztech · flowtriq.com · April 2026
This document reflects Flowtriq's incident response practices as of April 2026.