Floo AI — A VLMS Global Company
Talk to sales
Company · Security

Security and compliance, by design.

Floo is built for enterprise voice operations — so security is not a checklist we filled out. It is the architecture.

TLS 1.2+

In transit

AES-256

At rest

100%

Audit logged

0

Cross-tenant access

Six principles

Security is what we say no to.

Six rules every line of Floo infrastructure follows.

Encrypt by default

TLS 1.2+ in transit. AES-256 at rest. No exceptions, no fallback to anything weaker.

Isolate every tenant

Per-tenant encryption keys. Logically isolated indexes. Row-level scoping in every query.

Audit everything

Every read, write, and admin action logged. Forever queryable. Customer-accessible.

Retain only what you choose

Configurable retention down to hours. Auto-deletion on schedule. Hard-delete on demand.

Detect and respond

Anomaly detection on access patterns. Alerts to security team. Auto-throttle on attack.

Never train on your data

Your call audio, transcripts, and knowledge base are not used to train shared models. Period.

Architecture

How a single byte travels through Floo.

From your customer's voice to your encrypted database, six layers of protection.

End-to-end data flow

Every byte, encrypted twice. Every request, isolated.

Customer

Browser / SDK

1

TLS 1.2+

In-transit encryption

2

Edge

DDoS + WAF

3

App Layer

Auth + tenant isolation

4

AES-256

At-rest encryption

5

Database

Tenant-scoped storage

6
TLS 1.2+ in transitAES-256 at restTenant-scoped accessAudit logged

Multi-tenant architecture

Your data never touches another customer's.

Every tenant gets a logically isolated index, a unique encryption key, and a row-level scoped database. No shared models, no cross-leak, no exception.

Tenant A1,240 / dayUnique keyAES-256Isolated indexTenant-scoped DBTenant B8,910 / dayUnique keyAES-256Isolated indexTenant-scoped DBTenant C330 / dayUnique keyAES-256Isolated indexTenant-scoped DB✓ Zero cross-tenant access. Verified by automated tests on every deploy.

Compliance

Standards we live by, paperwork we deliver.

Documents and DPAs available under NDA — write to security@floo.ai.

In progress

SOC 2 Type II

Audit underway. Type I report available under NDA.

Aligned

HIPAA

BAA available on Enterprise. Battle-tested at Valiant LifeCare.

Compliant

GDPR

Standard Contractual Clauses, DPA, data-subject rights.

Roadmap

ISO 27001

Targeted for next compliance cycle. Controls in place today.

Enforced

TLS 1.2+

All connections encrypted in transit. No HTTP fallback.

Enforced

AES-256

Customer data encrypted at rest, per-tenant keys.

Customer audit log

Trust, but verify. From your dashboard.

Every action — yours, ours, the system's — is on the record in your dashboard. Live preview.

floo.ai/dashboard/audit-log
● LIVE

Audit log · last 24 hours

42 events

  • API key rotated

    admin@acme.co · Key id ravox_***k4d2

    2 mins ago

  • Read transcript

    agent@acme.co · Call id call_8x7f9

    5 mins ago

  • Failed login attempt

    192.168.1.42 · Auto-blocked, alert sent

    11 mins ago

  • Tenant key re-generated

    system · Quarterly rotation

    1 hr ago

  • Data export requested

    owner@acme.co · GDPR Art. 20 — completed

    3 hrs ago

Every read, write, and admin action. Forever auditable.

Ready for your security review?

Send your questionnaire. We'll send back security documentation, DPA, BAA (where applicable), and a recorded walkthrough of our architecture.