Public-document inventory
Structureflow
What Structureflow publishes about its data handling, captured from Structureflow.co on 2026-06-05. See also the Structureflow vendor profile.
Document inventory
| Document | Publicly posted | Source |
|---|---|---|
| Terms of service | yes (off-domain host) | https://www.Structureflow.co/legal |
| Privacy policy | yes (off-domain host) | https://Structureflow.co/legal/privacy-policy |
| Data processing agreement | yes (off-domain host) | https://www.structureflow.co/wp-content/uploads/2026/02/SF-LE-DOC-StructureFlowDPA-FIN-20260105.pdf |
| Security page | yes (off-domain host) | https://Structureflow.co/ |
| Subprocessor list | yes (off-domain host) | https://www.structureflow.co/legal/approved-sub-processor-list/ |
Transparency count: 5/5
Structureflow had 5 of the 5 document types publicly posted at capture (terms of service, privacy policy, data processing agreement, security page, subprocessor list).
AI-training stance: No-train commitment
verdict: clean-no-train
Flag fired on STAFF 'security training', not model training. StructureFlow's PST §2.5 is an explicit no-train and it adopted oneNDA. False positive.
“Training StructureFlow shall ensure that all Personnel receive: (a) information security awareness training”
Quoted verbatim from the vendor's security page, read 2026-06-05.