New Client Onboarding

Everything you need to know
before you go live.

This guide walks you through what to prepare, how onboarding works, and how Multiflows protects your data.

⏱ Total setup time: 15–25 minutes

🔒 Enterprise-grade security from day one

🤖 AI-guided configuration

Before You Start

What you'll need to get started.

Have these ready before your onboarding session. Most take less than 5 minutes to gather.

🎟️

Invitation Code

A unique code issued by your Multiflows account executive.

🏢

Company Info

Your company name and website URL. Multiflows will automatically scan your site to build context.

🔑

Email & Password

Use your business email. Password must be 12+ characters with uppercase, lowercase, and a digit.

🤖

OpenAI API Key

Powers AI email drafting, prospect research, and ICP generation. Your key — your data. Encrypted immediately.

🔭

Apollo API Key

Used for prospect enrichment and contact discovery. Gives access to verified contact data.

📬

Email Provider

Connect Gmail or Outlook via OAuth2. You can skip this and connect later.

Optional — can skip

Onboarding Process

Seven steps. Fully guided.

Our AI walks you through every step — no engineering required.

~2 min

API KeysEncrypted instantly

Enter your OpenAI and Apollo API keys. Both are encrypted immediately using Fernet (AES-128-CBC + HMAC-SHA256) and stored securely in your private tenant.

~1 min

Connect Email ProviderOptional

Link your Gmail or Outlook account via OAuth2. Multiflows will send and manage emails on your behalf. You can skip this step.

~30 sec

Automated SetupFully automatic

Multiflows creates your email labels, scrapes your company website, and initializes your private vector store for RAG-powered personalization. No action required.

5–10 min

ICP ConfigurationAI-guided

Describe your product and target market. The AI generates 5 Ideal Customer Profiles. You review and approve each one.

3–5 min

Email PreferencesAI-guided

Describe your outreach style. The AI generates a custom email template reflecting your brand voice.

3–5 min

Research PreferencesAI-guided

Tell the AI what to focus on when researching prospects — company news, hiring signals, tech stack, competitor usage.

✓

Instant

You're LiveReady to run

Onboarding complete. You'll be redirected to your dashboard where your first outbound campaign is ready to launch.

⏱

Total onboarding time: 15–25 minutes — including AI configuration, email connection, and campaign setup.

Security

Enterprise-grade security.
Built in from day one.

🔐

Authentication

→Invitation-only signup — no open registration, ever
→bcrypt password hashing with auto-generated salt
→JWT access tokens with 1-hour expiry + 7-day revocable refresh tokens
→Login lockout after 5 failed attempts (15-min cooldown)
→Full logout with token blacklisting

🔒

Encryption

→At rest: Fernet (AES-128-CBC + HMAC-SHA256) for all credentials and tokens
→In transit: TLS/HTTPS enforced via HSTS (1-year max-age, preload)
→Passwords: bcrypt with per-user salt — never stored in plaintext
→API keys encrypted on entry and never exposed in logs

🛡️

API & Input Security

→Rate limiting: 120 requests/minute per user
→SQL injection prevention: 100% parameterized queries
→Input validation: 45 Pydantic models, search limits, file size limits
→Column whitelists on all dynamic UPDATE operations

🌐

Browser & Network Security

→HSTS, CSP (default-src 'none'), X-Frame-Options: DENY
→Strict CORS whitelist, X-Content-Type-Options: nosniff
→SSRF Protection: URL scheme whitelist, private IP blocking
→PostgreSQL and Temporal on private network — zero public access

Privacy & Data Ownership

Your data is yours.
Always.

🏗️

Multi-Tenant Isolation

Every table is scoped by your unique client_id. Architecturally impossible to access another tenant's data.

🗝️

Your Keys, Your AI

Your OpenAI and Apollo API keys are stored encrypted in your private tenant. Never pooled or shared.

📦

Full Data Ownership

All prospect data, email history, and configurations belong to you. Cascading deletes on account removal.

🔍

AI Transparency & Audit Trails

Every AI decision is logged. Every edit tracked. Full visibility into what the AI did and why.

🔓

OAuth Tokens — Revocable Anytime

Your email OAuth tokens are encrypted, scoped to your tenant, and revocable from your dashboard at any time.

⚖️

Compliance-Ready Architecture

Cascading deletes for GDPR Art. 17. Per-tenant isolation for data minimization. Full audit trails.

GDPR Art. 17 Ready — cascading deletes on account removal

Zero data sharing — per-client API keys, never pooled

Full audit trail — AI decisions, edits, and token history logged

Ready to get started?
Your AE has your invite.

Reach out to your Multiflows account executive to receive your invitation code.

Go to app →Contact your AE

New Client Onboarding

Everything you need to know
before you go live.

This guide walks you through what to prepare, how onboarding works, and how Multiflows protects your data.

⏱ Total setup time: 15–25 minutes

🔒 Enterprise-grade security from day one

🤖 AI-guided configuration

Before You Start

What you'll need to get started.

Have these ready before your onboarding session. Most take less than 5 minutes to gather.

🎟️

Invitation Code

A unique code issued by your Multiflows account executive.

🏢

Company Info

Your company name and website URL. Multiflows will automatically scan your site to build context.

🔑

Email & Password

Use your business email. Password must be 12+ characters with uppercase, lowercase, and a digit.

🤖

OpenAI API Key

Powers AI email drafting, prospect research, and ICP generation. Your key — your data. Encrypted immediately.

🔭

Apollo API Key

Used for prospect enrichment and contact discovery. Gives access to verified contact data.

📬

Email Provider

Connect Gmail or Outlook via OAuth2. You can skip this and connect later.

Optional — can skip

Onboarding Process

Seven steps. Fully guided.

Our AI walks you through every step — no engineering required.

~2 min

API KeysEncrypted instantly

Enter your OpenAI and Apollo API keys. Both are encrypted immediately using Fernet (AES-128-CBC + HMAC-SHA256) and stored securely in your private tenant.

~1 min

Connect Email ProviderOptional

Link your Gmail or Outlook account via OAuth2. Multiflows will send and manage emails on your behalf. You can skip this step.

~30 sec

Automated SetupFully automatic

Multiflows creates your email labels, scrapes your company website, and initializes your private vector store for RAG-powered personalization. No action required.

5–10 min

ICP ConfigurationAI-guided

Describe your product and target market. The AI generates 5 Ideal Customer Profiles. You review and approve each one.

3–5 min

Email PreferencesAI-guided

Describe your outreach style. The AI generates a custom email template reflecting your brand voice.

3–5 min

Research PreferencesAI-guided

Tell the AI what to focus on when researching prospects — company news, hiring signals, tech stack, competitor usage.

✓

Instant

You're LiveReady to run

Onboarding complete. You'll be redirected to your dashboard where your first outbound campaign is ready to launch.

⏱

Total onboarding time: 15–25 minutes — including AI configuration, email connection, and campaign setup.

Security

Enterprise-grade security.
Built in from day one.

🔐

Authentication

→Invitation-only signup — no open registration, ever
→bcrypt password hashing with auto-generated salt
→JWT access tokens with 1-hour expiry + 7-day revocable refresh tokens
→Login lockout after 5 failed attempts (15-min cooldown)
→Full logout with token blacklisting

🔒

Encryption

→At rest: Fernet (AES-128-CBC + HMAC-SHA256) for all credentials and tokens
→In transit: TLS/HTTPS enforced via HSTS (1-year max-age, preload)
→Passwords: bcrypt with per-user salt — never stored in plaintext
→API keys encrypted on entry and never exposed in logs

🛡️

API & Input Security

→Rate limiting: 120 requests/minute per user
→SQL injection prevention: 100% parameterized queries
→Input validation: 45 Pydantic models, search limits, file size limits
→Column whitelists on all dynamic UPDATE operations

🌐

Browser & Network Security

→HSTS, CSP (default-src 'none'), X-Frame-Options: DENY
→Strict CORS whitelist, X-Content-Type-Options: nosniff
→SSRF Protection: URL scheme whitelist, private IP blocking
→PostgreSQL and Temporal on private network — zero public access

Privacy & Data Ownership

Your data is yours.
Always.

🏗️

Multi-Tenant Isolation

Every table is scoped by your unique client_id. Architecturally impossible to access another tenant's data.

🗝️

Your Keys, Your AI

Your OpenAI and Apollo API keys are stored encrypted in your private tenant. Never pooled or shared.

📦

Full Data Ownership

All prospect data, email history, and configurations belong to you. Cascading deletes on account removal.

🔍

AI Transparency & Audit Trails

Every AI decision is logged. Every edit tracked. Full visibility into what the AI did and why.

🔓

OAuth Tokens — Revocable Anytime

Your email OAuth tokens are encrypted, scoped to your tenant, and revocable from your dashboard at any time.

⚖️

Compliance-Ready Architecture

Cascading deletes for GDPR Art. 17. Per-tenant isolation for data minimization. Full audit trails.

GDPR Art. 17 Ready — cascading deletes on account removal

Zero data sharing — per-client API keys, never pooled

Full audit trail — AI decisions, edits, and token history logged

Ready to get started?
Your AE has your invite.

Reach out to your Multiflows account executive to receive your invitation code.

Go to app →Contact your AE

Everything you need to knowbefore you go live.

What you'll need to get started.

Seven steps. Fully guided.

Enterprise-grade security.Built in from day one.

Your data is yours.Always.

Ready to get started?Your AE has your invite.

Everything you need to knowbefore you go live.

What you'll need to get started.

Seven steps. Fully guided.

Enterprise-grade security.Built in from day one.

Your data is yours.Always.

Ready to get started?Your AE has your invite.

Everything you need to know
before you go live.

Enterprise-grade security.
Built in from day one.

Your data is yours.
Always.

Ready to get started?
Your AE has your invite.

Everything you need to know
before you go live.

Enterprise-grade security.
Built in from day one.

Your data is yours.
Always.

Ready to get started?
Your AE has your invite.