Security FAQ
Find practical answers about our security architecture, data protection, and compliance support. Your signed DPA remains the source of legal commitments.
Short answers to recurring questions. For contract-specific commitments, use your DPA and order form.
Encryption & keys
We use industry-standard TLS 1.2+ with modern ciphers. Internal traffic uses mutual TLS and network policies where available.
We rely on cloud-provider default encryption and application-level controls for secrets and credentials. Object stores and database volumes are encrypted with managed keys in supported regions.
Access & identity
Supported plans include SSO integration with your IdP. Ask your Winchflow account contact for the current product matrix and rollout steps.
Operations & availability
We maintain automated backups and run periodic restore tests proportionate to the service tier. RPO and RTO are described in the applicable service description where relevant.