FlexSite

Security & Compliance

FlexSite is built on Amazon Web Services (AWS) with security at every layer. From isolated multi-tenant infrastructure to end-to-end encryption, we built the platform so you can focus on your site while we handle the security.

ISO 27001 • ISO 27017 • ISO 27018 • SOC 2 • PCI DSS • GDPR

Certifications apply to AWS cloud infrastructure. FlexSite follows AWS security best practices under the shared responsibility model.

How we protect your data

Enterprise-grade security built into every layer of the platform, from infrastructure isolation to real-time monitoring, so you can run Drupal and WordPress with confidence.

Shared Responsibility Model

FlexSite leverages AWS's Shared Responsibility Model. AWS secures the cloud infrastructure, FlexSite secures the platform layer, and you manage your CMS configuration and content.

  • AWS: global infrastructure, physical security, and foundational services.

  • FlexSite: container hardening, runtime configuration, automated patching, network policies, logging, and operational security.

  • You: CMS configuration, user access within your sites, and content governance.

Multi-Tenant Infrastructure Isolation

Every environment runs in complete isolation. Your data, files, and application runtime are separated from other tenants at the infrastructure level, not just at the application layer.

  • Each environment runs in its own isolated container group with dedicated caching, web server, application, and session layers.

  • Databases use per-environment schemas, ensuring no data mixing between tenants.

  • File storage uses isolated persistent volumes per environment.

  • Organization-scoped data partitioning across all platform services.

End-to-End Encryption

Data is encrypted at every layer, at rest and in transit. Encryption is not optional; it is the default for every storage service and every network hop.

  • All databases, file storage, backups, and application data are encrypted at rest with AES-256.

  • TLS 1.2+ enforced on all traffic via our global CDN with managed SSL certificates.

  • SSL certificates are automatically provisioned and renewed for every custom domain.

  • Internal service-to-service communication uses encrypted channels.

Network Security & DDoS Protection

Your sites are protected by multiple layers of network security, from the CDN edge to the application runtime, with traffic never reaching your containers directly.

  • Global CDN serves as the edge layer, absorbing volumetric DDoS attacks before they reach your infrastructure.

  • Application servers and databases run in private network subnets, not exposed to the public internet.

  • Load balancers with security groups restrict inbound traffic to trusted sources only.

  • Per-environment caching layer provides an additional request filtering and protection boundary.

Identity, Access Control & SSO

Authentication and authorization are powered by a managed identity service with a custom authorization layer built by FlexSite, enforcing role-based access control across every API call.

  • Managed user pools with secure password policies and token-based authentication.

  • Role-based access control (RBAC) at organization level (Owner, Admin, Member, Viewer) and project level (Admin, Developer, Viewer).

  • Custom API authorizer enforces least-privilege access on every operation.

  • SSO integration and personal access tokens for FlexLab developer workflows.

GDPR & Privacy Compliance

FlexSite includes a built-in consent management system with full audit trails, so you can demonstrate compliance with data protection regulations like GDPR.

  • Versioned legal documents with trackable consent records per user.

  • Full audit log for every consent action (grant, withdrawal, updates).

  • Data erasure request processing to support right-to-be-forgotten obligations.

  • Stripe handles all payment processing; no credit card data is stored on FlexSite servers.

Automated Backups & Disaster Recovery

Your data is protected by automated daily backups, on-demand snapshots, and multi-zone database failover. Safety backups are automatically created before any destructive operation.

  • Automated daily database backups stored encrypted in cloud storage.

  • On-demand manual backups and file backups available at any time from the dashboard.

  • Multi-zone database failover for high availability with automatic recovery.

  • Safety backups created automatically before imports, restores, and sync operations.

Real-Time Monitoring & Incident Detection

FlexSite continuously monitors your environments for server errors, performance issues, and configuration risks, alerting you the moment something needs attention.

  • Automated 5xx error detection with real-time alerts when server errors occur.

  • Environment health monitoring with proactive configuration advisories (caching, logging, security).

  • Lighthouse quality scanning for performance, accessibility, SEO, and security best practices.

  • AI-powered diagnosis via Flexy assistant to help you understand and resolve issues faster.

Enterprise-Grade Infrastructure

Built on AWS infrastructure, aligned with globally recognized security frameworks.

AWS

ISO 27001 • ISO 27017 • ISO 27018 • SOC 2 • PCI DSS • GDPR

Certifications apply to AWS cloud infrastructure. FlexSite implements secure configurations and operational controls following AWS best practices under the shared responsibility model.
