Legal
Privacy Policy
Last updated: 2026-05-11
Alpha notice. Floom is currently in alpha. This privacy policy is a placeholder. A full, GDPR-compliant policy will be published before general availability. During alpha, data handling is minimal and limited to what is necessary to provide the Service.
1. Data we collect
When you sign in, we collect your email address via Google OAuth. We store the apps you publish, their run history, and associated logs. We do not sell your personal data to third parties. Usage analytics may be collected in aggregate to improve the Service.
2. How we use your data
Your email is used to identify your account and send essential service notifications. Published app content is stored to power the hosted UI, REST endpoint, and MCP tool surface. Run logs are retained for debugging and are subject to the retention policy described in the Service documentation.
3. Run data
- When you publish an app, every run’s inputs, outputs, and logs are visible to you as the app owner. This is by design — you need it to debug and improve your app.
- No other user sees your app’s runs. Your runs are private to you.
- We process the data only to execute your runs. We don’t train models on it.
- Persistent app secrets are encrypted at rest and only injected at run time. They never appear in logs.
4. Deletion requests
During the alpha period you can request deletion of your account and associated data by emailing hello@floom.dev. We will process deletion requests within 30 days.