Our infrastructure includes multiple layers of network protection:
Enterprise-grade cloud infrastructure
FlexPoint runs on Microsoft Azure, one of the world's most trusted cloud platforms. Azure data centers use state-of-the-art physical security, customized hardware, and security controls built into the hardware and firmware level, with built-in protections against threats like distributed denial-of-service (DDoS) attacks.
- Firewalls and Web Application Firewalls (WAF)
- Virtual networks (vNets) for traffic isolation
- Continuous monitoring and alerting
- Role-based access level controls
Security built into every layer of the platform
How FlexPoint protects your client billing data.
Encryption
All data in FlexPoint is encrypted, whether it's moving between your browser and our servers or sitting in storage on our cloud platform. This covers files, databases, and applications, both in transit and at rest.
For sensitive data, we apply double encryption at the column level for an additional layer of protection.
Authentication
FlexPoint uses passwordless authentication to keep accounts secure. Instead of a static password, every login generates a one-time PIN tied to your account and your device. No passwords to remember, and no passwords that can be used to compromise your account.
PCI compliance
Card payments in FlexPoint are processed through a certified Level 1 PCI Compliant Service Provider, the highest certification level under the Payment Card Industry Data Security Standard (PCI DSS). We do not store any sensitive cardholder data on our servers.
COMPLIANCE
Meeting the standards MSPs depend on
Security and compliance are built into how FlexPoint operates, not added on after the fact. From infrastructure to authentication to payment processing, the platform is designed to protect your business and your clients' data, and to meet the regulatory standards your contracts may require.
PCI DSS level 1
Card payments processed by a Level 1 certified provider. No sensitive cardholder data stored on FlexPoint servers.
Data encryption
All data encrypted in transit (TLS) and at rest, with double encryption applied at the column level for sensitive fields.
Passwordless authentication
One-time PIN login removes password-based risks including credential reuse, phishing, and brute-force attacks.
Network security
Firewalls, WAF, vNets, and continuous monitoring protect platform traffic at every layer.
Access controls
Role-based permissions ensure team members only access the data relevant to their function.