Security at FloatChat

We take customer data seriously.

Infrastructure

• DigitalOcean NYC3 (New York metro region)
• Multi-AZ redundancy
• 99.9% uptime SLA

Encryption

• TLS 1.3 in transit
• AES-256 at rest
• Customer data encrypted on disk and in backups

Access control

• 2FA / MFA required for all agent accounts
• SSO / SAML on Pro and Enterprise (Okta, Azure AD, Google Workspace)
• Custom roles / RBAC on Pro+
• IP allowlist on Pro+
• Audit logs on Pro+

Compliance

• GDPR + CCPA: built into the platform
• HIPAA option: available on Enterprise with signed BAA
• SOC 2 Type II: in progress (target Q4 2026)
• ISO 27001: roadmap

Application security

• Annual penetration testing (results available on request, Pro+)
• Bug bounty program (responsible disclosure to security@floatchat.com)
• Quarterly security training for all staff

Data handling

• Customer data never used to train AI models
• Data deletion within 30 days of account termination
• Data export available in your account settings

Vendor security

• All subprocessors vetted under our DPA
• Annual review of subprocessor security posture

Report a vulnerability

Email security@floatchat.com. We respond within 24 hours.