FluxConnect

Security isn't a feature. It's the architecture.

Security isn't something we bolt on. It's how FluxConnect is designed from the ground up.

Four core principles.

Data Isolation

Each retailer operates in its own isolated environment. It is technically impossible for one retailer to access another's data. No cross-retailer data paths exist. Supplier data is scoped within a single retailer tenant and cannot leak across boundaries.

Least Privilege

Suppliers see only the reports and data you explicitly grant them. Purchasers control exactly what is shared, report by report. Nothing is accessible outside explicitly defined scopes. Every access decision is intentional and auditable.

Defense in Depth

Multiple layers of security controls protect your data. From network isolation to application-level access controls to data encryption at rest and in transit. No single point of failure in the security model.

GDPR & Anonymisation

We adhere to GDPR requirements. Data anonymisation and aggregation ensure customer privacy is maintained when sharing insights with suppliers. No personally identifiable information is ever exposed to supplier users.

Tenant isolation model.

Retailer A Data Store Reports Suppliers Access Controls Audit Log X No data paths exist Retailer B Data Store Reports Suppliers Access Controls Audit Log Retailer C Data Store Reports Suppliers Access Controls Audit Log X

Supplier access: simple and secure.

A 50-second walkthrough: how a supplier's work email becomes a secured portal session, with no password to manage.

50-second walkthrough

Email-based access

Suppliers receive a login link via email. No account creation, no passwords to manage.

OTP

One Time Password

Each login uses a fresh OTP. No stored passwords, no credential theft risk, no AD/Entra ID required.

Scoped access only

Suppliers see only their own data, and only the reports you enabled for them. Nothing more, nothing less.

Why no passwords?

Traditional password-based authentication creates friction and risk. Suppliers need to manage credentials, IT teams need to configure Active Directory or Entra ID integrations, and stored passwords are a target for attackers. FluxConnect eliminates all of this with OTP-based access. Each login is a fresh, time-limited code. There's nothing to steal, nothing to forget, and nothing to configure.

Or run it entirely in your own environment

For teams with strict data-residency requirements, FluxConnect Private Deployment runs inside your own Azure, AWS, or GCP tenant. The supplier portal, isolation model, and access controls described above are identical; the difference is that your data never leaves your environment. FluxConnect can reuse the data platform you already run, so no copy of your data is ever stored on infrastructure we host.

Compare SaaS and Private Deployment →

Have security questions? Talk to our team.

We're happy to walk through our security architecture in detail.

Contact Us