Security at Flurbix

Enterprise-grade Security.
Built for Trust.

Flurbix is designed with security, privacy, and reliability at its core. We use industry-standard encryption, secure authentication, infrastructure best practices, and strict access controls to protect your business data.

Security Highlights

Enterprise-ready protections embedded at every layer of our platform.

AES-256 Encryption

Sensitive credentials and OAuth tokens are encrypted at rest using industry-standard AES-256 protocols.

TLS Encryption

All communication between users and Flurbix is protected using strong HTTPS/TLS encryption protocols in transit.

Secure Authentication

Google OAuth authentication is securely implemented using industry best practices and strict token lifecycles.

Workspace Isolation

Every organization has its own isolated logical database workspace. Organizations cannot access each other's data.

Role-based Access

Access to internal database management systems is restricted using strict least-privilege principles.

Continuous Monitoring

Our hosting infrastructure is continuously monitored for performance, availability, and potential security threats.

Google OAuth Integration Security

Flurbix connects to your Google accounts securely, asking only for permissions required to send campaign outreach on your behalf.

OAuth Security Principles

Explicit Authorization: Flurbix connects to Google APIs only after you explicitly grant access via the Google OAuth consent screen.
Minimum Scopes: We request only the absolute minimum permissions needed to operate. We only request Gmail permissions to send emails.
Full Disconnection: You can disconnect your Google accounts at any time. Revocation instantly purges all related OAuth tokens from our databases.

Token Lifecycle Management

OAuth tokens are strictly encrypted using AES-256 at rest.
Access tokens are stored in an isolated, secure database.
Tokens are rotated programmatically according to Google API lifecycle rules.
All access tokens are completely purged upon user account deletion.

What Flurbix DOES NOT Do

To protect your business and personal privacy, Flurbix enforces strict user data boundaries.

We do NOT read your Gmail inbox
We do NOT read your email history
We do NOT access email attachments
We do NOT read or access contacts
We do NOT analyze email content
We do NOT train AI using Google data
We do NOT sell Google user data
We do NOT share Google user data
Google OAuth Compliant

Encryption standards & Privacy Rules

How we secure your campaigns, configurations, and personal workflows.

Data Encryption

Data in Transit

All internet communication between users and Flurbix servers is forced over HTTPS/TLS (TLS 1.2+ protocols). HSTS rules prevent unencrypted connections, securing API data exchange globally.

Data at Rest

Customer credentials, OAuth tokens, campaigns, and configuration databases are stored with production AES-256 disk encryption. Application secrets and environment configuration variables are managed using isolated secret storage keys.

Customer Data Protection

Data Ownership

Customer data remains the exclusive property of the customer. Flurbix never sells customer database leads, emails, or operational metrics, and never shares campaign configurations with advertisers.

Privacy-First Settings

We request permissions only when authorized. Users retain full rights to request a complete export of campaign analytics or delete their workspace, databases, and connected credentials permanently.

Infrastructure & Access Control

We host Flurbix on industry-leading cloud infrastructure with strict access gating.

Cloud Hosting

Automatic Backups

Logging & Audit

Disaster Recovery

High Availability

Secure Deployment

Least Privilege

Continuous Monitoring

Access Control Gating

Internal database and system access is restricted strictly to authorized Flurbix staff. Access is allowed only under least-privilege principles when required for:

  • Customer support ticket troubleshooting (authorized explicitly by users).
  • System maintenance, database performance tuning, and scaling operations.
  • Security audits, threat mitigations, and vulnerability tracking.
  • Legal compliance or security incident investigation.

All administrative access is logged, audited, and reviewed regularly.

Global Security & Compliance Standards

We maintain high data standards to help you align with international privacy requirements.

GDPR Ready
CCPA Ready
Google OAuth Policy
TLS Encryption
AES-256 Encryption
Privacy First

Frequently Asked Questions

Clear answers about how we protect your credentials and campaign data.

All customer data in transit is protected using TLS 1.2 or higher, forcing HTTPS/HSTS across the entire website and application. Data at rest—specifically user authentication credentials, Google OAuth refresh tokens, and application secrets—is stored using industry-standard AES-256 encryption.
No. Flurbix does not read your inbox, retrieve your email history, analyze attachments, or scan email content. We request limited Gmail API scopes solely to programmatically draft and send the specific outreach emails that you write, schedule, and authorize. We never access, copy, or monitor any other emails.
Your Google OAuth refresh and access tokens are encrypted using AES-256 and stored in an isolated, secure database. Access to these tokens is programmatically restricted to the backend processes running your campaigns.
Yes. You can instantly revoke Flurbix's access at any time from your Flurbix account settings or directly from your Google Account Security dashboard. Upon disconnection, your secure credentials and OAuth tokens are permanently purged from our databases.
Yes. Under GDPR and CCPA principles, you have a complete "Right to Be Forgotten." You can delete your Flurbix account and all associated campaign data, metrics, and configurations at any time. This action permanently deletes your data from our active databases and backup files.
You own 100% of your data. This includes lead lists, prospect databases, customized email templates, outreach copy, and campaign analytics. Flurbix acts only as a secure processor and will never sell, lease, or use your data for advertising or model training.

Security You Can Trust

Protect your outreach campaigns with enterprise-grade security, privacy-first architecture, and secure Google integrations.