Security

Floumy is designed for teams that need planning and execution in one place without losing control over how the system is deployed and operated.

Security expectations vary by deployment model. Some teams want a managed service. Others want to run the platform in their own environment. Floumy supports both paths.

Deployment Models

Hosted by Floumy

Hosted deployments are for teams that want a managed environment with operations handled by Floumy.

Typical discussion areas include:

  • user access and workspace setup
  • data handling expectations
  • backup and recovery expectations
  • support and incident communication
  • rollout requirements across multiple teams

Self-hosted

Self-hosting is for teams that want full control over infrastructure, network boundaries, identity setup, and operational processes.

This model is usually a fit when you want to:

  • keep the application inside your own cloud or network environment
  • use your own monitoring, logging, and change-management processes
  • manage your own backup and recovery policies
  • keep deployment decisions under internal platform or security teams

Access and Visibility

Floumy is built around organizations, projects, membership, and project-level collaboration.

Relevant product areas include:

  • organization and project membership
  • project settings and roles
  • comments and mentions attached to work
  • an audit log for recent project activity
  • optional public pages for teams that deliberately choose to share selected views

Private work remains inside authenticated workspaces. Public visibility is controlled separately through build-in-public features.

What Security Reviews Usually Cover

For hosted evaluations, buyers typically ask about:

  • where and how the service is deployed
  • who administers access
  • how updates are handled
  • backup expectations
  • auditability and activity visibility
  • support and escalation paths

For self-hosted evaluations, buyers typically focus on:

  • deployment architecture
  • infrastructure ownership
  • identity integration requirements
  • data residency expectations
  • internal compliance and review processes

Security-Sensitive Teams Usually Choose One of Two Paths

Choose hosted when:

  • you want faster time to value
  • you prefer managed upgrades
  • you want a simpler operating model

Choose self-hosted when:

  • you need tighter infrastructure control
  • you have internal security review requirements
  • your platform team already manages shared internal systems

Need a Security Review?

If you need a security conversation before rollout, contact us with:

  • expected team size
  • preferred deployment model
  • procurement or review requirements
  • any data handling constraints

Use Contact Sales to start the discussion.