Support access
Support Access Policy
How RequestFlow handles support access to customer environments and client document data.
Last updated: June 9, 2026
What this page covers
RequestFlow's support access model is built around customer control. Platform support access is disabled by default and requires an explicit firm grant.
Grant required
Support admins cannot access customer data just because a support question exists.
- An organization owner grants temporary support access.
- The grant includes reason, scope, grantor, support admin, and timestamps.
- Sensitive support actions require MFA where the product requires it.
Audit and revocation
Support access is tracked and can be revoked.
- Grant creation creates a support_access.granted audit event.
- Revocation creates a support_access.revoked audit event.
- Support access grant records are retained for three years.
Support boundaries
Support access is for helping with product issues, not for reviewing client files or performing firm work.
- Support staff should access the minimum data needed to resolve the issue.
- Support access does not replace the firm's own client authorization, compliance, or retention obligations.
- Do not send sensitive client documents by email unless a separate secure support process has been agreed.
Questions before launch?
Tell us what your firm needs to know before launch, and we will follow up with the right privacy, terms, or security details.