Platform Features

Built for teams that move fast — and ship safely

Everything you need to automate processes, build apps, and manage data — with the governance, versioning, and audit trail your business can stand behind.

Workflow Engine

Deterministic workflows, designed visually

Build sophisticated automations on a drag-and-drop canvas — a rich library of built-in step types covering data, logic, documents, communications, and AI, extended without limit through the Marketplace. The same input produces the same process, every time, with every step recorded.

  • Trigger from forms, webhooks, schedules, inbound email or SMS, and data changes
  • Conditional branching, loops, lookups, and reusable subflows
  • Approval gates — flows pause for designated approvers, with the full decision history in the audit trail
  • Native PDF generation, email send & receive, and SMS in both directions
  • Call any external system via HTTP, webhooks, or MCP
 Quote-to-Cash Flow
⚡ Webhook: deal closed Trigger
🔀 If value > $25k Branch
✅ CFO approval gate Approval
📄 Generate contract PDF → email Action
Built-In Database

Smart data, built in

A queryable relational database with 22 semantic column types that understand your data — emails, phones, addresses, currency, references, formulas — and validate it automatically.

  • Relations, lookups, indexes, and computed fields
  • Table triggers fire flows the moment rows change
  • Row-level audit logs — an immutable record of every data event
  • Aggregate analytics with grouping and time-bucketing, no spreadsheet exports
  • Bulk import/export, OData-style filtering, and full-text search
 Customers — Table
NameEmail ✓Phone ✓Plan
Acme Corpteam@acme.co+1 415 555 0100Pro
Beta Labshi@betalabs.io+44 20 7946 0958Team
Nova Incinfo@nova.com+1 212 555 0177Enterprise

✓ validated & enriched automatically — 22 semantic types

Data You Can Trust

Validation & enrichment, on every record

Bad data breaks automation. FlowClick cleans it as it arrives — as workflow steps or automatically by column type.

  • Email validation — format, MX lookup, SMTP ping, and disposable-domain detection
  • Address geocoding — coordinates plus standardized address fields
  • Phone normalization — international E.164 formatting
  • URL validation with reachability checks
  • One-step record enrichment runs every registered enrichment for a record's column types
 Enrichment Pipeline
📥 "jsmith@gmial.com · 555-0142 · 123 main st"Raw
↓ validate · geocode · normalize
✨ jsmith@gmail.com ✓ · +1 555 0142 · 123 Main St, Austin TXClean
Apps & Portals

Full-stack web apps — no backend required

Build internal tools, dashboards, and authenticated customer-facing applications with a point-and-click builder. Every component connects directly to your workflows and database.

  • Native authentication with login, signup, sessions, and MFA enrollment
  • Pre-built components: tables, charts, forms, buttons — responsive by default
  • Server-side includes execute flows inline on page load
  • Public portals, forms, and websites on custom domains
  • Compliance built in: consent banners, erasure requests, and DSAR exports as single HTML tags
 Customer Portal
3
Open tickets
24
Resolved
🤖 AI Assistant: "How can I help today?"Live
AI Agent

AI that acts, not just answers

FlowClick's agent isn't a chatbot bolted on the side — it has governed access to your data, flows, files, and configuration, and every action it takes lands in the audit trail.

  • Reads and writes records, triggers flows, sends email, generates documents
  • Runs as a step inside any workflow — classify, enrich, summarize, route
  • Powered by frontier models (Claude by default) with cost-optimized model routing
  • Two-way MCP: agent steps call tools on any MCP server — and your flows publish as MCP tools that Claude or any assistant can call
  • Embeddable in public web apps for customer-facing assistance

How FlowClick works with your AI stack →

 Agent Step — Run Log
🎫 Ticket #4821 receivedTrigger
🤖 Agent: classified "Billing" · priority HighAI
📝 Record updated · routed to FinanceAudited
Govern & Ship

Version control and release management for no-code

No-code shouldn't mean no discipline. FlowClick brings software-grade change management to your workflows and apps — without making anyone learn git.

  • FlowGit — branches, commits, diffs, merges, merge requests, and tags for your applications
  • FlowBuild — change requests, releases, environment promotion with approvals, deployment, and one-click rollback
  • Version snapshots at app and object level, with restore
  • Edit locks prevent two people from clobbering the same flow
  • Immutable audit logs at both the data and API level
 Release 2.4 — Pipeline
🔀 CR-118: new approval flowMerged
🧪 Staging — validation passedPromoted
🚀 Production deployAwaiting approval
Communications & Documents

Email an inbox, start a workflow

Every FlowClick app can have its own managed mailbox — an addressable email endpoint that triggers flows on arrival. No mail server, no IMAP setup.

  • Inbound email triggers flows; email_reply answers the original sender automatically
  • SMS send and receive via your configured provider
  • Branded PDF generation from HTML templates and live data
  • Templated documents, merge fields, and scheduled delivery
  • IMAP supported too, for existing mailboxes
 orders@yourapp.flowclick.app
📧 PO attached from customerInbound
↓ parse · validate · create order
↩️ Confirmation reply + PDF receiptSent
Deploy Anywhere

Your infrastructure, your rules

Run in FlowClick Cloud, on-premise behind your firewall, or export applications as standalone packages on any infrastructure.

  • FlowClick Cloud — managed, scaled, and updated for you
  • On-premise for strict compliance and data-residency requirements
  • Standalone runtime — deploy exported apps to AWS, GCP, Azure, or any OS
  • Portable .hpkg app bundles: export, import, and share entire applications — never locked in
  • A growing Marketplace of integrations, custom steps, and ready-to-install packages — the step library is essentially limitless
☁️ FlowClick CloudFastest start
🏢 On-premiseFull control
📦 Standalone .hpkg runtimeAny IaaS
Enterprise Security

Security built into every layer

FlowClick doesn't bolt security on as an afterthought — it's embedded from the database engine to the web layer. Your data is protected by design, not by configuration.

Zero SQL injection

All queries are parameterized at the engine level — not by developer discipline. There is no way to construct raw SQL through the platform, eliminating injection risk entirely.

Column-level AES-256-GCM

Encrypt individual columns at the application layer — beyond database-level encryption. Sensitive PII, PHI, and financial fields are encrypted on write, decrypted on read, transparently.

Multi-factor authentication

Built-in TOTP-based MFA (RFC 6238) with QR code enrollment. One SSI directive renders the complete setup flow — no third-party auth provider required.

Auto-hashed passwords

Password columns are one-way hashed by default — never exposed to clients or API responses. Authentication works via filter-level hash comparison, never raw reads.

Table-level audit logging

Per-table audit trails for reads, writes, and exports. Data classification labels (PII, PHI, Financial, Confidential) tag tables for compliance reporting and dashboards.

WORM file retention

Immutable object-lock storage with configurable retention periods in compliance or governance modes. Files cannot be modified or deleted until the retention window expires.

Also built in: automatic CSRF validation on every form · role-based access per user, group, and resource · secure session tokens · mandatory TLS · isolated VPC with private routing · auto-provisioned SSL certificates · encrypted Postgres at rest · mTLS with IP whitelisting · continuous protection with point-in-time recovery

Compliance

Compliance-ready from day one

These aren't bolt-ons — they're native platform capabilities with dedicated SSI directives, automated workflows, and full audit trails. Enable what you need per folder with a single setting.

Right to erasure

Automated deletion across all PII/PHI-classified tables matching a data subject identity — hard-delete with full audit logging. One SSI directive renders a public-facing erasure request form.

Supports: GDPR Art. 17 · CCPA · LGPD

Consent management

Purpose-based consent tracking with grant/revoke support — records subject, purpose, timestamp, IP, and user agent. An SSI directive renders a consent banner with per-purpose checkboxes.

Supports: GDPR Art. 6–7 · ISO 27018 · PIPEDA · LGPD

DSAR & data portability

Automated Data Subject Access Requests scan all PII/PHI tables and export a structured file. An SSI directive provides a public-facing data export request form with full audit logging.

Supports: GDPR Art. 15/20 · CCPA 1798.100/110 · PIPEDA

BAA & DPA agreements

Business Associate Agreements signed with our infrastructure providers. Data Processing Agreements and Standard Contractual Clauses available for international data transfers.

Supports: HIPAA · GDPR Art. 46 · HITECH Act

HIPAA GDPR SOC 2 Type II SOC 1 Type II SOC 3 PCI DSS ISO 27001 ISO 27017 ISO 27018 SEC Rule 17a-4 SOX HITECH CCPA / CPRA GLBA FERPA PIPEDA LGPD

…and the toolbox keeps going

Table analytics

Aggregate queries with grouping and time-bucketing — report on data where it lives.

Background jobs

Long-running work runs as monitorable jobs — retry failed runs with one click.

Text diff & hashing

Structured text comparison, SHA-256, and HMAC steps for content integrity.

Webhook delivery logs

Every inbound webhook recorded immutably — debug integrations with confidence.

See the whole platform in one demo

Bring a real process from your business — we'll build it live.

Start Free Trial Schedule a Demo