FloWorxIQ Security & Breach Notification Policy

Last Updated: September 20, 2025

FloWorxIQ Inc. (“FloWorxIQ”, “we”, or “our”) takes the protection of your information seriously. This Security & Breach Notification Policy explains how we safeguard your data and how we will respond if a security incident occurs.

1. Security Commitments

FloWorxIQ maintains administrative, technical, and organizational measures designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These include:

  • Encryption: All data is encrypted in transit using TLS and at rest using industry-standard AES-256 encryption.

  • Access Controls: Employee access is limited by role and protected by multi-factor authentication.

  • Segregation: Each customer’s environment is logically isolated to prevent cross-access.

  • Monitoring: Systems are monitored for unusual activity, with logging and alerts in place.

  • Backups: Regular, encrypted backups are performed to ensure service continuity.

  • Testing: We conduct vulnerability scans and third-party penetration tests on a regular basis.

  • Subprocessors: We use only vetted providers that meet privacy and security standards (e.g., cloud hosting with SOC 2/ISO 27001 certifications).

2. Customer Responsibilities

You play a critical role in maintaining security. You agree to:

  • Protect your login credentials and use strong passwords.

  • Enable multi-factor authentication (MFA) where available.

  • Notify us immediately if you suspect unauthorized access to your account.

3. Breach Notification

If FloWorxIQ becomes aware of a Personal Data Breach that affects your data, we will:

  1. Notify you without undue delay — and in any event within 72 hours if required by applicable law (e.g., GDPR, PIPEDA).

  2. Provide details including:

    • The nature of the breach.

    • The categories of data involved.

    • The likely consequences.

    • Measures taken or proposed to address the breach.

  3. Provide a point of contact for ongoing communication.

Where legally required, we will also notify supervisory authorities (e.g., the Office of the Privacy Commissioner of Canada, EU data protection authorities).

4. Incident Response

FloWorxIQ maintains an incident response plan that includes:

  • Identification and containment of threats.

  • Investigation and assessment of scope.

  • Remediation and system hardening.

  • Notification to affected customers and regulators.

  • Post-incident review and preventive improvements.

5. No 100% Guarantee

While we take strong measures to safeguard your information, no system is 100% secure. We commit to transparency, swift action, and compliance with applicable laws if an incident occurs.

6. Contact

If you have any security concerns or need to report an incident, contact:

FloWorxIQ Security Team

Email: security@floworxiq.com

Support: support@floworxiq.com