Guide
How SecureFlow works
SecureFlow is a no-code, hosted platform that uses AI to help your team answer vendor security questionnaires — the spreadsheets that big companies send before they sign a contract with you. You upload your company's documents once, and the AI drafts every answer with citations showing exactly which document each claim came from. No IT team, no API keys, no installation needed.
What is a vendor security questionnaire?
When a large company is considering buying software or services from your business, their security team will often send you a spreadsheet of security questions before they sign the contract. This is called a vendor security questionnaire (also known as a security assessment, SIG, CAIQ, or third-party risk questionnaire).
These spreadsheets can contain 100 to 500 questions such as:
- “Do you encrypt data at rest and in transit?”
- “Describe your incident response process.”
- “Do you have SOC 2 Type II certification?”
- “How do you control access to customer data?”
- “What is your data retention and deletion policy?”
Answering these manually means someone at your company has to dig through security policies, architecture docs, certificates, and past questionnaire answers — then type a response for every single question. This typically takes days or weeks, and it blocks the deal from moving forward.
SecureFlow automates this. You upload your company documents once. The AI drafts all the answers from your own documents — with citations — in minutes. Your team reviews and sends.
How it works — the short version
- You upload evidence — security policies, architecture notes, subprocessor lists, past questionnaire answers.
- You upload the customer's question file — a CSV or Excel sheet the customer sent you.
- SecureFlow drafts every answer — it finds the right snippets from your vault and writes a first draft per question, showing the source file and excerpt for each claim.
- You review, edit, approve, and export — a clean CSV ready to send.
Drafts are starting points — always review before sending to a customer. See our disclaimer for details.
Step 1 — Create your account
Go to Register and sign up with your email and a password, or click Continue with Google for one-click sign-in. No credit card is required on the free tier.
When you register, a workspace is created for you. A workspace holds your documents and questionnaires. You can invite teammates and assign them roles:
- Admin — full access, manages billing and members.
- Editor — can upload documents, run AI, edit answers.
- Viewer — read-only access.
After signing in you land on the Dashboard. The navigation bar at the top gives you access to all features.
Step 2 — Upload your documents (Knowledge vault)
Click Knowledge vault in the app header. Upload the documents you want the AI to use as sources — think of this as giving the AI a library to quote from.
What to upload:
- Information security policy (PDF or Word)
- Data processing agreement or DPA
- Subprocessors list
- Past completed questionnaires (CSV or Excel)
- Architecture or technical overview docs
- ISO 27001 / SOC 2 certificates or summaries
Supported file types: PDF, Word (.docx), plain text, Markdown, CSV. Once uploaded, each file shows a status dot that changes to Ready when the AI has indexed it (usually within a few seconds to a minute).
You need at least one document in the Ready state before generating drafts.
Step 3 — Import a questionnaire
Click Questionnaires → New questionnaire. Give the project a name (e.g., “Acme Corp Q3 security review”), then upload the file the customer sent you — a CSV or Excel (.xlsx) spreadsheet with their questions listed in a column.
SecureFlow will ask you to confirm which column holds the question text. It detects this automatically in most cases. Click Import and you will see all the questions listed as rows in your new questionnaire.
Download a sample question file to try it out: sample-questions.csv.
Step 4 — Generate AI drafts
Inside your questionnaire, click Generate drafts. The AI will process every row:
- It embeds each question and searches your vault for the most relevant passages.
- It writes a draft answer based only on what is in your vault — it does not invent facts.
- It attaches citations: the source filename and the exact excerpt used for each answer.
If no vault document covers a question, you will see an insufficient information message rather than a made-up answer. In that case, upload a relevant document and regenerate that row.
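A minimal sketch of the retrieve, cite, or abstain flow described above, added here as an illustration and not SecureFlow's code. Word-overlap cosine similarity stands in for the embedding model, the cited excerpt stands in for the drafted answer, and the vault passages, file names and `MIN_SCORE` threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed vault passages (source filename, excerpt); not real documents.
VAULT = [
    ("infosec-policy.txt", "Customer data is encrypted at rest with AES-256 "
                           "and in transit with TLS 1.2 or higher."),
    ("ir-plan.txt", "Security incidents are triaged within four hours and "
                    "affected customers are notified within 72 hours."),
    ("access-policy.txt", "Access to customer data requires manager approval "
                          "and is reviewed every quarter."),
]
STOP = {"do", "you", "have", "is", "are", "at", "and", "in", "to", "with", "or"}
MIN_SCORE = 0.25  # hypothetical relevance cut-off; below it the row abstains


def vectorize(text):
    """Bag-of-words vector; a stand-in for a real embedding model."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return Counter(w for w in words if w not in STOP)


def cosine(a, b):
    dot = sum(a[w] * b[w] for w in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * \
        math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def draft(question):
    """Return the best-supported excerpt with its citation, or abstain."""
    q = vectorize(question)
    score, source, excerpt = max(
        (cosine(q, vectorize(text)), name, text) for name, text in VAULT)
    if score < MIN_SCORE:
        # Weak matches (e.g. a shared "2") must not become an answer.
        return {"answer": "insufficient information", "citations": []}
    return {"answer": excerpt,
            "citations": [{"source": source, "excerpt": excerpt}]}


if __name__ == "__main__":
    for q in ("Do you encrypt data at rest and in transit?",
              "Do you have SOC 2 Type II certification?"):
        print(q, "->", draft(q))
```

The SOC 2 question shares only the token "2" with the encryption passage, so its best score falls under the cut-off and the row abstains instead of citing an unrelated excerpt.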
Generation can take up to a minute on large files. The button shows a progress state while running.
On the Free plan, you have 25 AI-generated rows per month. On Starter ($19.99/mo) you get 2,000. The app will warn you before you hit your limit.
Step 5 — Review, edit, and export
Read each draft answer carefully. The Citations block shows exactly which document and excerpt the AI used — you can verify accuracy at a glance. Use the edit field to adjust wording, add context, or correct anything the AI got wrong.
Click Approved on each row when your team is satisfied — this is your internal sign-off flag. When all critical rows are approved, click Export CSV to download a file you can email to the customer, upload to a procurement portal, or open in Excel.
You can also click Regenerate row on any individual question to re-run only that line (useful after you upload a better source document).
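One way to spot-check citations before approving rows, added here as an example and not part of SecureFlow. It assumes you have each row's cited filename and excerpt alongside a local text copy of the source files; the row layout, field names and sample data are constructed.

```python
import re

# Constructed local text copies of vault files, keyed by filename.
SOURCES = {
    "infosec-policy.txt": "Customer data is encrypted at rest with AES-256\n"
                          "and in transit with TLS 1.2 or higher.",
}

# Constructed draft rows: answer plus the cited source file and excerpt.
ROWS = [
    {"answer": "Yes, AES-256 at rest and TLS in transit.",
     "source": "infosec-policy.txt",
     "excerpt": "encrypted at rest with AES-256 and in transit"},
    {"answer": "Yes, we hold SOC 2 Type II.",
     "source": "infosec-policy.txt",
     "excerpt": "SOC 2 Type II report issued"},
    {"answer": "Incidents are triaged within four hours.",
     "source": "ir-plan.txt",
     "excerpt": "triaged within four hours"},
    {"answer": "We retain data for 30 days.", "source": "", "excerpt": ""},
]


def normalize(text):
    """Collapse whitespace and case so line wraps do not cause false misses."""
    return re.sub(r"\s+", " ", text).strip().lower()


def check_row(row, sources):
    """Classify one row's citation against the local source copies."""
    if not row["excerpt"]:
        return "no-citation"        # a claim with nothing backing it
    doc = sources.get(row["source"])
    if doc is None:
        return "unknown-source"     # cited file is not in the local set
    if normalize(row["excerpt"]) in normalize(doc):
        return "ok"
    return "excerpt-not-found"      # excerpt is not in the cited file


def rows_needing_review(rows, sources):
    """Return (row number, status) for every row that is not 'ok'."""
    results = ((i, check_row(r, sources)) for i, r in enumerate(rows, 1))
    return [(i, status) for i, status in results if status != "ok"]


if __name__ == "__main__":
    for number, status in rows_needing_review(ROWS, SOURCES):
        print(f"row {number}: {status}")
```

A row that passes this check only has a real excerpt behind it; whether the answer's wording is actually supported by that excerpt still needs a human read.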
Plans & billing
SecureFlow has three plans. You can see and manage your plan from the Billing link in the app header (Admins only).
- Free — 25 AI-generated answers per month, forever free, no credit card needed.
- Starter — $19.99/month — 2,000 AI-generated answers per month, team roles, priority support. Cancel any time.
- Custom / Enterprise — unlimited volume, custom SLA, SSO roadmap. Contact us.
Usage resets on the first of each calendar month (UTC). Each AI-generated draft row (including regenerations) counts as one usage unit. Editing, approving, and exporting are free.
See Pricing for the full comparison.
Quick FAQ
- Do I need any technical knowledge?
  No. SecureFlow is a hosted web app — just sign up and use it in your browser. No installation, no code, no API keys.
- Do I need to provide an OpenAI key?
  No. The AI is built into the platform. You never configure API keys.
- Is my data private?
  Yes. Your documents are stored in your workspace only. They are never shared with other users or tenants. See our Security page.
- What file formats can I upload?
  For the vault: PDF, Word (.docx), plain text (.txt), Markdown (.md), CSV. For questionnaires: CSV or Excel (.xlsx).
- Can multiple people use the same workspace?
  Yes. The workspace admin can invite teammates and assign Admin, Editor, or Viewer roles.
- What if the AI doesn't have enough information to answer a question?
  It will say so rather than guess. Upload a relevant document to your vault and regenerate that row.