Your data is safe with us.
US data residency, encryption at rest and in transit, SOC 2 Type II in progress. Here's how we protect your customers' data.
US data residency.
DigitalOcean NYC3 (New York metro). Multi-availability-zone redundancy. Your data never leaves the US without your consent.
Encryption everywhere.
TLS 1.3 in transit. AES-256 at rest. Customer data encrypted on disk and in backups.
Access controls.
2FA/MFA required for all agent accounts. SSO/SAML on Pro and Enterprise. Custom roles/RBAC on Pro+. IP allowlist on Pro+.
SOC 2 Type II in progress.
Target Q4 2026. Annual penetration testing (results available on request, Pro+). Bug bounty program at security@floatchat.com.
HIPAA option on Enterprise.
Available on Enterprise with signed Business Associate Agreement (BAA). PHI encryption, audit logs, custom data retention.
GDPR + CCPA built in.
Privacy controls, data export, data deletion within 30 days of account termination. DPA available for EU/UK/California customers.
Compliance by plan
| Feature | Free | Lite | Starter | Growth | Pro | Enterprise |
|---|---|---|---|---|---|---|
| 2FA/MFA | Yes | Yes | Yes | Yes | Yes | Yes |
| Encryption at rest | Yes | Yes | Yes | Yes | Yes | Yes |
| SSO / SAML | No | No | No | No | Yes | Yes |
| Custom Roles / RBAC | No | No | No | No | Yes | Yes |
| Audit logs | No | No | No | No | Yes | Yes |
| IP allowlist | No | No | No | No | Yes | Yes |
| HIPAA BAA | No | No | No | No | No | Yes |
Have security questions?
Talk to our team about Enterprise security requirements, HIPAA contracts, and custom compliance needs.
Talk to Sales