#1 Alternative to Workplace from Meta.Switch to Flip today.

Privacy & Security

BYOD that's fit for a bank

Enabling employees to use their own phones at work can bring big benefits – and big risks. Flip passes the stress-test from industry bodies and employee councils alike, exceeding even the strictest security and privacy requirements. You get all of the upside, with none of the downside.

Practicality meets protection

Enterprise-grade as standard

Flip meets the most rigorous enterprise requirements right out of the box. Our platform is hosted on EU servers with ISO 27001 certification, messages are stored locally, and we're regularly audited by independent third parties. You don't even have to remember what GDPR stands for (yes, we're compliant with that too).

No more shadow channels

Inaccessible tools push employees towards insecure alternatives. But with Flip, they get the intuitive experience and practical benefits of social media apps without the security dangers. Employees get what they want and need without putting personal or company data at risk.

Higher employee adoption

Equipping everyone with a company phone is difficult with large workforces. And, though most employees carry a personal phone, they're often reluctant to let employers in. Enter Mobile App Management. Employers get high adoption without losing control. Employees get convenience without the fear of being 'spied on.' Everyone wins.

Supported by works councils

Works councils needn't slow your project – they can help accelerate it. Flip was developed in partnership with frontline employees and workers' groups to come pre-fitted with the protections they care about. The app can't access personal smartphone data, collects minimal employee data, and can be muted outside of working hours.

30%

of frontline employees admit to using private messaging apps for work

Flip Frontline Report

Privacy and data protection

How we keep your employees’ data safe

Data Processing Agreements

+

How we process your data is governed by a Data Processing Agreement – we’ll happily provide you with our template to look over. In accordance with GDPR, we comply with all requests for correction or deletion of data, or for a copy of the data we process. And to maximise your protection, we have DPAs of our own in place with all Flip data processors. 

Technical and Organisational Measures

+

We ensure the secure processing of your data through rigorous technical and organisational measures, as outlined in the GDPR. These include (but aren't limited to) Mandatory employee security training, regular third-party audits, two-factor authentication, firewalls, virus protection, and disk encryption. We also regularly review and optimise these measures to ensure we're ahead of the latest security developments.

Data minimisation principles

+

In a world where your data is constantly collected, connected, and sold, it's nice to know that Flip is a safe space. Flip was designed around the principle of data minimisation: collect what's necessary and nothing more. The only personal data needed to get set up is a first and last name, a user ID (e.g. email address), and a specified role (admin or user). Other information, such as a password reset email address, job title, region, or phone number, is completely optional.

Need the nitty-gritty?

You'll find extensive details and documents about how Flip keeps your company and employee data safe in our Trust Centre.

Visit Trust Centre

Certification and hosting

How we keep your company data safe

ISO 27001-certified data storage

+

Flip processes and stores your data in an ISO 270001-certified data centre in Germany that fulfils the requirements of the Cloud Computing Compliance Controls Catalog (C5) standard. By hosting data in the Azure cloud in Germany (Frankfurt and Berlin), we ensure that it stays within the European Union – protecting data sovereignty and ensuring compliance with regional regulations.

Open communication, encrypted transmission

+

Data transmitted between end devices and the data centre is encrypted according to the current state-of-the-art technology: TLS 1.3, RSA 2048 Bits/SHA256 with RSA, HTTP Strict Transport Security (HSTS). If that's too technical, we regularly have the security of the employee app checked by independent third parties. 

Authorisation and authentication

+

Flip uses OIDC (OpenID Connect) and OAuth protocols to verify authorisation and authentication. The JSON Web Token (JWT) signature is matched by the system with the user's public key in the API gateway for each individual HTTP access.

"The app allows us to communicate directly, securely, and easily with our colleagues. And all this with our private smartphones."

Franziska Blumenthal, Deputy Chairperson of the Works Council REWE

Privacy and security feature checklist

Privacy by design

Flip core features require only minimal data to run. Personal data like name and telephone number is optional.

Do not disturb

Employees can silence the app outside of working hours, on weekends, and when on holiday.

SSO and auto-lock

Employees log in once to access all their tools and start again where they left off with fingerprint or Face ID.

App-only access

Employers can't see, access, or control private smartphone data through the Flip app. Employees decide what they share.

Malware detector

Flip scans all files as they are uploaded. Malicious files are blocked and deleted, and the user is immediately notified.

Content moderation

All users can report offensive messages, posts, and comments to ensure a safer digital environment for everyone.