1. Security Architecture
- Read-only access — Two ADO scopes (
vso.analytics and vso.work), both read-only. FlowCoach cannot modify your ADO environment.
- PII-free AI pipeline — Work item titles, assignee names, and free-text fields are excluded at the TypeScript compiler level. The code physically cannot include PII in the AI payload.
- No data storage — Every analysis is computed on the fly from live ADO data and discarded when the session ends. No database, no persistent cache, no data warehouse.
- Ephemeral tokens — ADO access tokens are obtained per request via the ADO SDK, used once, and never stored, cached, or logged.
- CORS — Backend locked to ADO domains (
*.visualstudio.com, *.dev.azure.com) and localhost for development.
- Rate limiting — 60 requests per hour per org+project on the AI coaching endpoint.
- Input validation — 10KB maximum payload size, HTML sanitization on freetext, prompt injection pattern removal.
Since FlowCoach stores no customer data, the blast radius of any security incident is limited to the current session only. There is no historical data to breach, no database to exfiltrate, no persistent credentials to rotate.
2. Supply Chain Security
- All dependencies pinned to exact versions — no
^ or ~ ranges
- Automated vulnerability scanning via
audit-ci on every build
- Secret scanning via
gitleaks on every push
- Software Bill of Materials (SBOM) maintained and regenerated on dependency changes
- Security-focused ESLint rules (
eslint-plugin-security, @microsoft/eslint-plugin-sdl) enforced in CI
- GitHub Actions CI runs type checking, linting, 118 automated tests, and security audit on every commit
3. Incident Response
If a security vulnerability is discovered in FlowCoach:
- Acknowledge the report within 24 hours
- Investigate and assess severity within 48 hours
- Deploy a fix for critical vulnerabilities within 72 hours
- Notify affected customers via email if data exposure is possible
Since FlowCoach stores no customer data, most incident scenarios have no data exposure component. The primary risk vector is session-level — and sessions are ephemeral by design.
4. Anthropic Sub-Processor
- FlowCoach uses Anthropic's Claude API for AI coaching generation
- Data sent to Anthropic: numeric metrics only (no PII, no work item content)
- Anthropic's data policy: prompts and responses are not used for training and are deleted within 30 days
- If Anthropic experiences a security incident, FlowCoach's exposure is limited to aggregate numeric metrics — no PII, no work item titles, no user-identifiable data
Anthropic's security practices: anthropic.com/security
5. Reporting a Vulnerability
We welcome responsible disclosure. If you discover a security vulnerability in FlowCoach:
- Email: support@flowinsight.ai
- We will acknowledge within 24 hours and keep you informed of progress
- We will credit reporters (with permission) in our release notes
For the complete data flow, see our Data Flow Diagram. For data handling details, see our Privacy Policy.