Oliver Hertzman Kraft
CEO & CTO, myflow
For anything on this site — security, privacy, AI, backups, sub-processors, compliance, contracts — write to Oliver directly. He'll either answer or loop in the right person.
- Security reports & vulnerability disclosure
Suspected vulnerabilities, account compromise, suspicious activity. Acknowledged within two business days.
- Privacy, GDPR, DPA
DPA requests, sub-processor change subscriptions, data subject request escalations.
- Sales & security questionnaires
Procurement questionnaires, custom contract terms, vendor onboarding.
- General support
Day-to-day product questions, account help, data restore requests.
Reporting a vulnerability
Email oliver@myflow.se with:
- A description of the issue and its potential impact.
- Steps to reproduce, ideally with a proof-of-concept.
- Your name and how you'd like to be credited (or to remain anonymous).
We commit to acknowledging your report within two business days, keeping you updated on remediation, and not taking legal action against researchers who report in good faith and follow coordinated disclosure.
Out of scope
- Denial-of-service attacks against myflow or any of its sub-processors.
- Social engineering of staff, customers, or sub-processor support teams.
- Physical attacks on offices, data centres or personnel.
- Findings that require already-compromised end-user devices.
- Issues in third-party services not under myflow's control or configuration.