Get started
Get started
image image image image image image

Security & Trust

image image image image

Our security posture

nFlow aligns Salesforce–Microsoft Teams collaboration with enterprise-grade security: governance-by-design, automated compliance (labels, access, retention), and lifecycle controls—built on the proven nBold foundation while keeping your content in Microsoft 365.

  • Independent certifications — ISO 27001; SOC 2 Type II (reports under NDA)
  • Built on the nBold platform — shared security baseline; content stays in Microsoft 365
  • Governance by design — aligned to M365 labels, retention, access; automated lifecycle
Start Free Trial
image
image image image image
image

Data flow & isolation

nFlow orchestrates Microsoft Graph and Salesforce APIs—never warehousing your data. Customer content stays in Microsoft 365; CRM data stays in Salesforce. We store only the minimal metadata required to run automations.

  • Orchestration, not warehousing
  • Metadata only (templates, rules, audit)
  • Tenant-isolated, region-aware (EU-hosted options)
Start Free Trial
image image image image

Identity & access management

Enterprise identity and access: Azure AD SSO with Conditional Access/MFA, least-privilege RBAC, scoped Salesforce OAuth, and minimal Microsoft Graph permissions—documented and auditable.

  • SSO via Azure AD — tenant-enforced Conditional Access & MFA
  • RBAC — least-privilege roles for admins/builders vs. owners
  • Salesforce OAuth — separate sandbox/prod; scoped tokens, easy rotation
  • Microsoft Graph — minimal permissions for Teams/Channels/Tabs & membership
Start Free Trial
image
image image image image
image

Encryption & network security

End-to-end protection for orchestration metadata with secure key handling and a hardened network perimeter.

  • Encryption in transit & at rest for orchestration metadata
  • Secure key management & secrets; short-lived, revocable tokens
  • Network hardening with restricted admin access and defense-in-depth
Start Free Trial
image image image image

Governance, lifecycle & compliance alignment

Governance-by-design for Microsoft 365: templates apply labels and access, lifecycle keeps spaces tidy, retention-aware actions, and full auditability.

  • Sensitivity labels & access policies — applied by template to Teams/Channels
  • Lifecycle automation — auto-archive/hand-off on Win/Loss or Case resolution
  • Retention awareness — honors Microsoft Purview retention & eDiscovery
  • Auditability — admin dashboard logging rules, provisioning, approvals, membership changes
Start Free Trial
image
image
image image image image
image

What we don't store

We don’t store your collaboration content—only minimal references for orchestration; no passwords are ever kept.

  • No Teams messages or files
  • No Salesforce object data beyond IDs & fields used in rules/naming
  • No user passwords (SSO/OAuth only)
Start Free Trial
image image image image

Shared responsibility

Shared-responsibility model: you own tenant governance; nFlow enforces it consistently across orchestration.

  • You control — MFA/Conditional Access, sensitivity labels, retention/DLP, Team creation rights
  • We provide — secure orchestration (templates, rules, lifecycle, audit) that applies your policies
Start Free Trial
image
image image image image
image

Compliance & reports

ndependent assurance and transparent vendor management—formal audits plus up-to-date subprocessor disclosures.

  • ISO 27001 certificate — available on request
  • SOC 2 Type II report — available under NDA
  • Subprocessors & data handling — listed and kept current in the nBold Trust Center
Start Free Trial
image image image image

Security features at a glance

Enterprise-grade orchestration for Microsoft 365 and Salesforce: least-privilege access, strong identity, governed lifecycle, and transparent audit—without warehousing your data.

  • Least-privilege Microsoft Graph access with guardrails Azure AD SSO and RBAC
  • Azure AD SSO and RBAC
  • Salesforce OAuth (sandbox & prod), scoped access
Start Free Trial
image

No. Files and conversations stay in your tenant. We orchestrate creation, tabs, membership, and lifecycle.

Orchestration metadata can be hosted in the EU. Customer content remains in Microsoft 365; CRM data remains in Salesforce.

We use the least‑privilege Microsoft Graph and Salesforce scopes necessary to fulfill the rules you configure. A detailed list is available in the Trust Center.

Yes. Use RBAC to limit builders, and templates to enforce labels, naming, and allowed business units.

Revoke OAuth tokens (Salesforce), remove app consent (Azure AD), or disable users via your IdP. nFlow respects these controls immediately.

Yes — request our security package for ISO 27001 and SOC 2 Type II documentation (NDA required).

FAQ

Security inquiries & responsible disclosure :.

[email protected]

Contact us →

Legal & DPA requests :

[email protected]

Contact us →