To ensure the safety and security of our company, employees, and customers, FlowFuse maintains a set of security policies that we all must follow.

It is important that every takes the time to understand their own responsibilities in this area, which includes prompt reporting and resolution of any issues identified.


Password vault

The company provides a 1Password Vault account to all employees. When available, sign in with your Google Workspace account. When this option is not available, you must not reuse the same password between different application, but you must generate a new one per application. Passwords are stored in 1Password for both individual user accounts and shared accounts (e.g. FlowFuse npmjs account).

Any shared accounts should be in an appropriate vault shared with those that need it only, but always more than just one person.


For all services that support it, 2FA authentication should be enabled and if possible enforced by policy. Where possible the 2FA seed keys should be added to the entry in the Password Vault.

Executive Fraud

The CEO, CTO, and other executives at FlowFuse will never email anyone to wire money, request you to buy gift cards, or request any other type of monitory transaction. Transactions are started through a set process only. When in doubt, reach out through Slack and request a huddle with the executive to validate.