GDPR-compliant with a published DPA
A CRM you can hand to your lawyer.
The questions you keep getting asked
What your buyers and your DPO already want to know.
- Where does my customer data physically live, and which subprocessors touch it?
- If your support team can read a contact record while debugging, can they do it without my consent?
- If you get acquired or shut down, what happens to my data — and how do I get it back?
How FlowGrid answers them
Privacy is a database design decision, not a marketing claim.
Encryption that isolates tenants by default
Field-level AES-256-GCM with tenant-scoped keys.
Every contact field is encrypted at rest. Each tenant has its own key, managed in a key-management service. A workspace's data cannot be decrypted with another workspace's key — not by us, not by an attacker who manages to read the database.
Multi-tenant row-level isolation is enforced at the Postgres layer, so cross-tenant reads aren't a feature flag — they're a database-level impossibility.
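As an added illustration of the field-level, tenant-scoped encryption described above (not FlowGrid's code): a Node.js sketch in which an in-memory map stands in for the key-management service. The helper names, sample tenant IDs and the tenant/record/field AAD binding are assumptions.

```javascript
// Added illustration, not FlowGrid code. The Map is a stand-in for a KMS.
const crypto = require('node:crypto');

// Constructed sample tenants, each with its own random 256-bit key.
const tenantKeys = new Map([
  ['tenant-a', crypto.randomBytes(32)],
  ['tenant-b', crypto.randomBytes(32)],
]);

function keyFor(tenantId) {
  const key = tenantKeys.get(tenantId);
  if (!key) throw new Error(`no key for tenant ${tenantId}`);
  return key;
}

// Assumption: AAD binds each value to tenant, record and field, so a ciphertext
// copied into another row or column fails authentication even under the right key.
function aadFor(tenantId, recordId, field) {
  return Buffer.from(JSON.stringify([tenantId, recordId, field]));
}

function encryptField(tenantId, recordId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', keyFor(tenantId), iv);
  cipher.setAAD(aadFor(tenantId, recordId, field));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored layout: iv (12 bytes) || tag (16 bytes) || ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(tenantId, recordId, field, stored) {
  const buf = Buffer.from(stored, 'base64');
  if (buf.length < 28) throw new Error('stored value too short');
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', keyFor(tenantId), buf.subarray(0, 12), { authTagLength: 16 });
  decipher.setAAD(aadFor(tenantId, recordId, field));
  decipher.setAuthTag(buf.subarray(12, 28));
  // final() throws when the key, AAD or ciphertext does not match the tag.
  const pt = Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// True if the value decrypts in this context, false if it is rejected.
function canDecrypt(tenantId, recordId, field, stored) {
  try { decryptField(tenantId, recordId, field, stored); return true; }
  catch { return false; }
}
```

A value encrypted for one tenant is rejected under any other tenant's key, and also when it is presented for a different record or field of the same tenant.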
Audit log built-in
Every mutation, with actor, before-and-after, timestamp.
When something happens to a record, your audit trail records who did it, what changed, and when. Logs are append-only. Workspace admins can export the full trail at any time.
Right-to-be-forgotten requests delete the record and are themselves logged. Your DPO can answer DSARs with evidence, not promises.

Legal paperwork ready
GDPR-compliant with a DPA you can pull right now.
Most vendor reviews stall waiting for the DPA to come back redlined. FlowGrid's DPA is published and ready to read — pull it up and forward it to your legal contact while you're still reading this page.
Subprocessor list is public and current; see /legal/subprocessors for who touches what data and where.
Verifiable, not assumed
We're early. Here's how you can verify us anyway.
How your data is protected
Field-level AES-256-GCM encryption with tenant-scoped keys. Multi-tenant row-level isolation. Every mutation logged.
Read the security details →
Legal & compliance
GDPR-compliant with a Data Processing Addendum. Your legal contact can pull it now — not after a sales call.
Read the DPA →
Built in public
We don't have customer logos to show you yet.
FlowGrid is early. Instead of borrowed credibility, here's what you can verify yourself:
Honest answers