
Security.

Security at Fl8ws focuses on protecting accounts, assets, billing, provider integrations, and the production workflow.

Effective June 16, 2026

Program focus

  • Authenticated access and account-level authorization.
  • Separation of customer assets and billing state.
  • Controlled integrations with model, payment, storage, and infrastructure providers.
  • Monitoring for abuse, operational failures, and suspicious activity.
  • Least-privilege access for internal systems where practical.

Responsible disclosure

If you believe you have found a vulnerability, report it privately before public disclosure. Include reproduction steps, affected URLs, impact, and screenshots or logs that do not expose customer data.

report a vulnerability

Testing rules

  • Do not access, alter, destroy, or exfiltrate data that is not yours.
  • Do not carry out denial-of-service attacks, spam, social engineering, physical attacks, or extortion.
  • Do not publicly disclose a vulnerability until Fl8ws has had a reasonable time to investigate and remediate.
  • Stop testing and contact us if you encounter sensitive data.

No guarantee

We appreciate good-faith reports, but this page does not create a bug bounty, payment obligation, employment relationship, or permission to violate law.

This page is a product-ready draft for customer transparency and vendor review. It is not legal advice; Fl8ws should have counsel review it before relying on it as the final legal agreement.