Skip to main content

Security overview

Tenant isolation

Every job, schedule, and metric is scoped to a ProjectId (tenant). All data access goes through the API layer that enforces tenant scoping; direct database access is not exposed to customers.

Encryption

  • In transit: TLS 1.2+ on every public surface.
  • At rest: encrypted on both PostgreSQL and Redis (cipher details on request under signed DPA).
  • API keys: salted and hashed before storage; only the prefix is shown in the dashboard after creation.

Authentication

API keys are scoped per project. Dashboard access uses email and password, with email verification on signup. SSO/SAML is on the roadmap for Enterprise plans.

Infrastructure

Flare runs on Microsoft Azure. The data plane uses managed PostgreSQL and managed Redis; the control plane runs on Azure Container Apps. Specific region and SKU details are shared under signed DPA. See the subprocessor list for the third parties involved in operating the service.

Vulnerability reporting

If you believe you have found a security issue, email security@zeridion.com. We ask that you do not publicly disclose until we have had a chance to investigate and remediate. We will acknowledge every report within two business days.

Compliance roadmap

We are working toward SOC 2 Type I and ISO 27001 for general availability. We do not currently claim certification for either.