Security & Privacy
Trust & Data Privacy
Floyo is a production platform for professional creators, studios, and enterprises who need strong protection for their intellectual property. Your creative work stays private, secure, and under your control.
Our Commitment to Creators
Floyo was built for filmmakers, artists, and studios working with valuable creative IP. We make a simple commitment:
- Your files and generated outputs are never used to train AI models
- Your creative work is never sold or licensed to third parties
- Your workspace is private by default
- You retain ownership of everything you create
- Your data is stored and processed in secure US infrastructure
01
You Own Your Work
You retain full ownership of all uploaded files and generated content, including images, videos, workflows, and trained models such as LoRAs.
Floyo does not sell or license your files to third parties. Your content remains private within your Team workspace unless you explicitly choose to share or publish it through Floyo's Community features. Only content you actively publish is made visible to others.
Trained weights and LoRAs created during Workflow Runs are scoped to the originating User/Team and are not made available to other customers.
02
Your Data Is Never Used for AI Training or Model Improvement
Floyo does not use your User Files for AI training or for any purposes other than providing, maintaining, and supporting the service.
Customer data, models, LoRAs, and outputs are used only within that User/Team's own projects and Workflow Runs. They are not reused, shared, or incorporated into other projects, platform-wide training, benchmarking, or model improvement, directly or indirectly.
03
Your Data Stays Secure in the United States
All customer data, including uploaded content, generated files, application data, workflow configuration, execution history, and authentication data, is stored and processed in US-based cloud infrastructure. Workflow execution environments are also hosted in US data centers.
Floyo does not configure or enable global distribution or caching of stored customer data. Customer data is not transferred outside the platform unless a User or Team explicitly downloads files or shares content using supported features. When a user enables a third-party API node, data required for that call is sent to that provider.
Security protections include:
- Enterprise-grade cloud providers maintaining compliance with SOC 2 Type II, SOC 3, PCI-DSS, and ISO/IEC 27001 standards
- Encryption at rest via cloud infrastructure providers
- All data in transit encrypted using TLS 1.2 or later
- Payment processing handled exclusively by Stripe, a PCI-DSS-certified provider
The Floyo web application is delivered globally via Vercel for performance and availability, but Vercel does not store or persist customer files. It functions as a presentation and request-routing layer only.
04
Who Can Access Your Files
Floyo uses a Team-based workspace model. Every user belongs to at least one Team, and each Team has its own isolated workspace. Access to files is limited to:
- You, as the owner of your personal Team workspace
- Members of your shared Team workspace, subject to role-based permissions (Owner, Admin, Member)
- Authorized Floyo support personnel, only when necessary to resolve issues, with validated user permission, and governed by internal protocols
Each Workflow Run executes in an isolated environment created specifically for the active User/Team, ensuring workflows cannot access data from other customers. At the end of each run, files and context associated with the User/Team are cleared.
Access to internal customer environments by Floyo personnel is tightly restricted, follows internal approval processes, and is tracked through logging and monitoring.
05
Data Retention & Deletion
You remain in control of your data lifecycle. You can download your generated content, including images, videos, and workflows, from the Floyo dashboard at any time.
- Subscriber files are retained for the duration of an active subscription
- Non-subscriber files may be removed after 72 hours of inactivity
- Full account deletion permanently removes personal data and private User Files within 30 days
- Database snapshot backups are retained for up to 7 days and then permanently purged
Deleting a file removes it from your workspace immediately. Permanent deletion from Floyo's storage can be requested at any time through a formal deletion request. Content previously published to Community features may remain available, but personal attribution is removed.
06
Security Practices
Floyo follows modern security engineering standards across the entire development and operations lifecycle:
- Secure coding practices aligned with the OWASP Top Ten
- Full separation of development, testing, and production environments
- All code changes undergo peer review and thorough testing before deployment
- Comprehensive security logging, uptime monitoring, and system metrics
- Regular privacy impact assessments with minimal data collection
- All employees follow comprehensive security training and established best practices
07
Standards & Compliance
Floyo is designed to meet the security and privacy expectations of enterprise and studio production environments handling highly sensitive intellectual property.
- Completed a Standardized Information Gathering (SIG) security assessment, available to customers upon request
- Actively pursuing ISO/IEC 27001 certification, with planned accreditation targeted for Q1 2026
- Infrastructure hosted on providers compliant with SOC 2 Type II, SOC 3, PCI-DSS, and ISO/IEC 27001
- Designed to comply with GDPR and applicable UK/EU data protection requirements; users in those regions consent to US-based processing as outlined in the Terms of Service and Privacy Policy
Enterprise
Dedicated Infrastructure for Studios & Enterprise
For organizations requiring stricter isolation, Floyo offers Enterprise-level options beyond the standard shared GPU model:
Dedicated host per session
Tear down the entire machine at the end of the user's session
Dedicated GPU
The entire machine (GPU + host) is reserved for your session, enabling cache reuse and faster reruns across workflows in the same browser tab
Dedicated customer pool
Reserve a GPU pool exclusively for a single Enterprise customer
Creator IP Guarantee
Floyo is a creative production platform. Your work stays yours.
Floyo exists to empower creators, not absorb their work into AI systems. Your files, outputs, workflows, models, and LoRAs remain scoped to your workspace. Customer data is not reused, shared, or incorporated into platform-wide training, benchmarking, or model improvement. Your creative assets remain your intellectual property.
Floyo is a creative production platform. Your work stays yours.
Report a Security Issue
If you discover a vulnerability or security-related issue, please report it to support@floyo.ai.
For general issues, reach the support team via live chat on Discord or at support@floyo.ai.
Full Documentation
This page is a summary. For comprehensive technical details, contact us at support@floyo.ai.