Yes, Flowlity is fully GDPR (General Data Protection Regulation) compliant and attaches paramount importance to the security and confidentiality of its customers' data. 
Here are the main aspects to consider: 
- Personal data and GDPR: In the context of a Flowlity project, the data handled is mainly supply chain data (products, stocks, sales history, etc.), which is rarely personal. However, if some of this data indirectly contains personal information (e.g. supplier contact names, delivery addresses, etc.), Flowlity contractually commits to comply with the GDPR. Concretely, this means: consent and information on the data collected, data minimization (we do not process unnecessary data), right to be forgotten and return/destruction of data in the event of contract termination, etc. Flowlity can provide upon request a Data Processing Agreement (DPA) which details these commitments, including any subcontractors (cloud host for example) and storage locations.
- Secure hosting: The Flowlity solution is hosted on secure cloud infrastructures such as AWS or Azure (depending on the case, and preferably on servers located in Europe to guarantee data sovereignty). These data centers offer guarantees of high availability, redundancy and physical security. Access to the servers is strictly controlled and monitored. In addition, Flowlity segments data by client: each client has its own isolated database, to avoid any mixing or leakage of information from one client to another. 
- Encryption: All communications between your system and Flowlity are encrypted (SSL/TLS) to prevent any interception (eavesdropping) of data in transit. Similarly, data stored in the Flowlity database is encrypted at rest to protect against any illegitimate access. For example, if backups are made, they are encrypted.
- Access controls and authentication: Flowlity implements strict access controls. Your users access the platform via secure accounts (strong password authentication, with the possibility of SSO/SAML if you wish to integrate it with your corporate directory). Rights can be managed by roles to ensure that everyone only sees the data that concerns them. On the Flowlity side, only authorized people (for example, the project manager or the support team) can access your environment, and only for maintenance or assistance purposes, with your agreement. These accesses are tracked and limited. 
- Security protocols: Flowlity follows industry IT security standards. We regularly carry out security audits and intrusion tests via external firms to verify the robustness of our application. The development of new features requires code reviews, particularly on everything related to data access. Flowlity has implemented a vulnerability management policy (security monitoring, regular updates of third-party components, etc.). The company is aiming for relevant security certifications (e.g. ISO 27001) as it grows, and is already applying best practices in its internal organization. 
- Backup and continuity: Your data on Flowlity is backed up regularly, and the platform has disaster recovery mechanisms in case of a major incident. This ensures that even in the event of a failure, your data would not be lost and the service could quickly restart on a secondary infrastructure. These points are part of our SLA (Service Level Agreement) commitments.
In terms of confidentiality, Flowlity undertakes to never share or use your data for purposes other than your project. The data you entrust to us remains your property. If you decide to leave the service, your data will be returned and then deleted from our systems after an agreed retention period.
To summarize, security and compliance are pillars at Flowlity, because we work with sensitive clients (industry, distribution, sometimes defense, such as Thales, as mentioned in the press).
Whether it's GDPR compliance, technical security, or contractual confidentiality, everything is in place to ensure your information is treated with the highest level of protection. (We can provide you with our complete security and GDPR compliance documentation during our discussions, and involve our security experts to answer any specific questions your CIO or DPO may have.)