
Security is a workflow, not a checkbox.

We deploy into your VPC by default, redact PII at the edge, and log every model call to an immutable ledger. Compliance follows from the architecture, not from a policy doc.

How we handle your data

  • Your VPC by default. The orchestrator, the agents, the vector store — all in your cloud account. We connect via least‑privilege IAM.
  • PII redaction at the edge. Before any prompt leaves your VPC, PII is redacted and replaced with stable placeholders. Reversed only on egress to your own systems.
  • Immutable run ledger. Every model call, every tool call, and every approval gate is written append‑only with the prompt, the response, and the human who approved (if applicable). Retained per your policy.
  • Model provider choice. Use your own API keys, your own contracts. We don't proxy. Switching providers is a config change.
  • No training on your data. We require zero‑retention on all third‑party model providers. Written into every model contract.

Sub‑processors

The current sub‑processor list is published as part of the DPA. View the DPA for the full list. We notify clients 30 days before any addition.

Vulnerability disclosure

Report security issues to security@menteflow.com. Our PGP key is on the contact page. We acknowledge within 24h and publish fixes within the standard 90‑day window.
