Security & Trust at HiveFlow
HiveFlow is built with security at its core. We protect your data with enterprise-grade encryption, isolated execution environments, and comprehensive access controls.
Compliance
Security Highlights
Encryption at Rest
All sensitive data is encrypted with AES-256-GCM, using a per-value IV and PBKDF2-SHA512 key derivation (10K iterations).
Encryption in Transit
TLS 1.2+ is enforced on all connections. WebSocket connections are upgraded to WSS. No plaintext communication.
Sandboxed Execution
User code runs in isolated Firecracker micro-VMs (E2B), with no access to the server filesystem or network.
Multi-Factor Authentication
OTP via email, OAuth 2.0 (Google/GitHub), API keys with bcrypt hashing and granular scopes.
Audit Trail
Every execution, API call, and access event is logged with timestamps, IP, and user context.
Access Controls
Granular API key permissions, share tokens with IP allowlists, credit-based execution limits.
Resources
Security Overview →
Architecture, encryption, and infrastructure details
Compliance →
Certifications, controls, and audit readiness
Subprocessors →
Third-party services and data processing
FAQ →
Common questions from security teams
Documents
Updates
AES-256-GCM encryption audit
Internal audit of encryption implementation for all stored credentials completed.
E2B sandbox integration
All user code execution now isolated in Firecracker-based micro-VMs via E2B.
SOC 2 readiness assessment started
Engaged with a compliance partner to begin SOC 2 Type I preparation.
WebSocket authentication hardened
Auth tokens are now sent after the connection is established instead of in URL parameters, to prevent exposure in logs.
API key granular permissions
Introduced scoped API keys with read/write/execute permissions and configurable expiration.