Governance

The control layer your processes run on.

Every process flow8 runs answers to a rule: who can build it, who must approve it before it acts, and what it's allowed to touch, with a permanent record of every decision. Control isn't a policy document — it's enforced in the engine.

✓ Human-in-the-loop approvals ✓ Role-based controls ✓ Policy enforced in the engine ✓ Full accountability

Governance is how the engine behaves — not a checkbox.

Other tools let anyone build anything and run it unattended. flow8 puts controls where the work actually happens: at the step, before it executes.

Approval gates
Any step can pause and wait for a human decision. The process holds until the right person approves or rejects — consequential actions never run unattended.

Role-based controls
Separate permissions for who can view, run, edit, and administer each process. Scoped to the company entity and enforced at the API layer — not hidden in the UI.

Policy enforcement
Rules about who can do what, where data may go, and which actions need sign-off are enforced by the engine on every run. Policy isn't documentation — it's executed.

Separation of duties
The person who builds a process isn't the one who has to approve its sensitive actions. Build, run, and sign-off can be split across different people and roles.

Change management
Every change to a process is attributed and recorded. You always know who changed what and when — and a controlled process never changes silently underneath you.

Full accountability
Every trigger, access decision, approval, and entity change is logged with the actor and a timestamp. When someone asks who authorized it, the answer is already there.

Nothing consequential runs without sign-off.

Drop an approval gate into any process and it pauses at exactly that step. The request routes to the person responsible, and the run waits — no timeout pressure, no silent auto-approval. They approve or reject, and the decision is recorded with their name and the time. The process resumes only on a yes.

  • Pause any step until a named person decides
  • Approve or reject — the run only continues on approval
  • Every decision attributed to who made it, and when
  • Route different approvals to different people by step
  • Ideal gate before payments, sends, and AI-driven actions
Pending approval
vendor_payment · step 4 · AWAITING DECISION
Requested by: invoice_processor
Assigned to: M. Weber · Finance Lead
Action: Pay €48,200 → ACME GmbH
Decision: Approve or Reject
Run paused at 09:12 · holds until decided · decision recorded with actor & timestamp

Every person gets exactly the control they should.

Building a process, running it, editing it, and managing who else can are four different powers. flow8 keeps them separate. Roles are scoped to the company entity, so one business unit can't see or trigger another's processes — and access is enforced at the API layer, not just hidden in the interface.

  • Distinct permissions for view, run, edit, and admin
  • Company-scoped multi-tenancy — units stay isolated
  • Access enforced at the API level, not just the UI
  • Denied actions are logged, not silently dropped
  • OAuth2 / SSO support for enterprise identity
Role permissions
Roles: Admin, Approver, Builder, Operator, Viewer
Permissions: View, Run, Edit, Approve, Manage

Every decision leaves a record you can answer with.

Governance only counts if you can prove it held. flow8 records the events that matter — access granted and denied, approvals decided, entities changed, processes triggered — each with the actor, source, and timestamp. When an auditor or a board asks who authorized something, you don't reconstruct it. You export it.

  • Structured events: access, auth, entity, and module activity
  • Access-denied attempts recorded, not just successes
  • Actor, IP, and timestamp on every entry
  • Sensitive fields sanitized automatically in records
  • Configurable retention with enforced minimums
Governance event stream
09:12:41 APPROVAL
vendor_payment approved · €48,200
Decided by: M. Weber · step 4
09:11:58 ACCESS_DENIED
Run blocked — role lacks "Run" on payroll_export
Actor: t.lang · enforced at API
09:10:22 ENTITY
Process edited · approval gate added at step 4
Actor: a.ferraro · vendor_payment
09:09:05 ACCESS_GRANTED
Approver role assigned to M. Weber
Actor: admin · scope: Finance
09:08:30 AUTH
Login via SSO · passkey verified
Actor: m.weber · 10.0.4.18

Control at every stage of the process.

Governance isn't one gate at the end. It's applied from who builds a process to how long its record is kept.

01 · BUILD

Who can build

Only roles with edit rights can create or change a process. Building is separated from approving and running.

02 · RUN

Who can run

Run rights are granted per role and scope. Triggering a process is its own permission, logged on every execution.

03 · APPROVE

Who must sign off

Sensitive steps pause for a named approver. The decision — yes or no — is recorded against the person who made it.

04 · ACCOUNT

What is recorded

Every step, decision, and access event is kept with actor and timestamp, under retention rules you set.

The controls auditors and boards ask for.

flow8 gives you the building blocks of a governance program — without sending a single record to a vendor.

🛑 Approval workflows 👥 Role-based access 🔀 Separation of duties 📋 Complete audit trail 🇪🇺 GDPR-ready 🏛️ Data sovereignty

flow8 runs on your infrastructure, so the controls — and the evidence they produce — stay entirely under your authority. Nothing is processed, approved, or stored by a vendor with access to your records. Your governance obligations stay yours to demonstrate, on your own systems.

Show your board the controls.

Book 30 minutes and we'll walk through how approvals, roles, policy, and the audit trail work together — and how they'd map to the controls your organization has to demonstrate.