Security & Privacy

Trust & Data Privacy

Floyo is a production platform for professional creators, studios, and enterprises who need strong protection for their intellectual property. Your creative work stays private, secure, and under your control.

Our Commitment to Creators

Floyo was built for filmmakers, artists, and studios working with valuable creative IP. We make a simple commitment:

Floyo does not use your files or outputs to train AI models
Floyo does not sell or license your creative work to third parties
Your workspace is private by default
You own the files you upload and the work you create
Your data is stored and processed in secure US infrastructure

What happens with third-party models depends on the model you choose. Our Trust Center verifies each one, model by model.

Trust Center

Verified Private + Commercial Use, model by model.

You choose which models you run on Floyo, and we verify each one across two dimensions:

Verified Private

A contract bars the provider from training on content you run through Floyo. Self-hosted open-source models qualify by default, since your content never leaves Floyo.

Commercial Use

Outputs are cleared for commercial production.

Models that aren't verified are governed by the provider's own terms, and we flag them clearly so there's no guesswork.

You Own Your Work

You retain full ownership of all uploaded files and generated content, including images, videos, workflows, and trained models such as LoRAs.

Floyo does not sell or license your files to third parties. Your content remains private within your Team workspace unless you explicitly choose to share or publish it through Floyo's Community features. Only content you actively publish is made visible to others.

Trained weights and LoRAs you create are scoped to your User/Team and are not made available to other customers.

Commercial-use rights for model outputs vary by model. Our Trust Center verifies, model by model, which models are cleared for commercial production.

Your Data Stays Secure in the United States

All customer data, including uploaded content, generated files, application data, workflow configuration, execution history, and authentication data, is stored and processed in US-based cloud infrastructure. Workflow execution environments are also hosted in US data centers.

Floyo does not configure or enable global distribution or caching of stored customer data. Customer data is not transferred outside the platform unless a User or Team explicitly downloads files or shares content using supported features. When a user enables a third-party API node, data required for that call is sent to that provider.

Security protections include:

Enterprise-grade cloud providers maintaining compliance with SOC 2 Type II, SOC 3, PCI-DSS, and ISO/IEC 27001 standards
Encryption at rest via cloud infrastructure providers
All data in transit encrypted using TLS 1.2 or later
Payment processing handled exclusively by Stripe, a PCI-DSS-certified provider

The Floyo web application is delivered globally via Vercel for performance and availability, but Vercel does not store or persist customer files. It functions as a presentation and request-routing layer only.

Who Can Access Your Files

Floyo uses a Team-based workspace model. Every user belongs to at least one Team, and each Team has its own isolated workspace. Access to files is limited to:

You, as the owner of your personal Team workspace
Members of your shared Team workspace, subject to role-based permissions (Owner, Admin, Member)
Authorized Floyo support personnel, only when necessary to resolve issues, with validated user permission, and governed by internal protocols

Each Workflow Run executes in an isolated environment created specifically for the active User/Team, ensuring workflows cannot access data from other customers. At the end of each run, files and context associated with the User/Team are cleared.

Control

Admin governance, enforced.

Admins decide which models the team can use, so the privacy and licensing guarantees hold across the whole org:

Block all unverified or non-commercial models in one toggle, or deny specific ones by name.
Enforcement applies across the entire workspace, so your team stays compliant.

Data Retention & Deletion

You remain in control of your data lifecycle. You can download your generated content, including images, videos, and workflows, from the Floyo dashboard at any time.

Subscriber files are retained for the duration of an active subscription
Non-subscriber files may be removed after 72 hours of inactivity
Full account deletion permanently removes personal data and private User Files within 30 days
Database snapshot backups are retained for up to 7 days and then permanently purged

Deleting a file removes it from your workspace immediately. Permanent deletion from Floyo's storage can be requested at any time through a formal deletion request. Content previously published to Community features may remain available, but personal attribution is removed.

ENTERPRISE

Built for Studios & Enterprise

Studio-vetted security and control.

Floyo Enterprise is the governance layer on top of ComfyUI: collaboration, security, and cost control for entire production teams.

Private by Default

Assets and IP stay private by default, with granular, role-based access per user and separate teams that keep client work confidential.

Verified Private & Commercial Use

Models tagged Verified Private (no training on your data) and Commercial Use (rights cleared), with admins allowing only org-approved models.

Centralized Control

Restrict which nodes users can run, build proprietary nodes private to your org, and manage seats, roles, and workflow permissions.

Full Usage Visibility

Track who ran what and how long, attribute spend by user or project, with no surprises at the end of the month.

Report a Security Issue

If you discover a vulnerability or security-related issue, please report it to security@floyo.ai.

For general issues, reach the support team via live chat or at support@floyo.ai.