- TLS for browser sessions and API traffic
- HTTPS-only remote media and import fetches
- Secure session handling through our auth provider
Security & Privacy
How Florality protects your system data - from sign-in and sharing controls to API access and exports.
- No selling or renting your personal or system data
- No AI training or sharing your data with AI providers
- TLS encryption for data in transit
- Scoped API keys with per-resource access controls
- Granular privacy buckets for what you share
Your data stays yours
Florality is built for systems who need a safe home for sensitive information. We do not sell, rent, or trade your data.
Encrypted in transit
Connections between your browser and Florality use industry-standard TLS so traffic stays protected on the wire.
Least-privilege by design
Staff access to infrastructure is restricted. API keys are scoped per resource. Privacy buckets control what friends can see.
Built for plural systems
Security is not an afterthought. Member profiles, fronting, notes, and sharing controls are designed around real system privacy needs.
01
Platform & infrastructure
Florality runs on modern cloud infrastructure with monitoring, backups, and secure defaults across the stack.
Secure hosting & operations
The platform is hosted on managed infrastructure with automated backups and continuous monitoring. Operational access is limited to authorised personnel.
- Automated backups to protect against data loss
- Continuous monitoring for availability and anomalies
- Restricted infrastructure access on a need-to-know basis
02
Account protection
Sign-in and account security are handled by Clerk, with additional controls available directly in your Florality settings.
Strong sign-in options
Protect your account with modern authentication methods. Florality supports password sign-in alongside stronger options managed in Settings → Account → Security.
03
Sharing & privacy controls
Florality gives you fine-grained control over what information is visible, and to whom, across members, fields, and profile sections.
Privacy buckets
Assign members, groups, directories, custom fields, and profile sections to privacy buckets. Friends only see content that overlaps with buckets they are allowed to access.
- Per-resource bucket assignments across your system
- Default buckets for new members, groups, and fields
- Friend visibility enforced in server-side services
Cookie & analytics consent
Non-essential cookies and analytics are opt-in. You can accept, reject, or customise preferences at any time from the site cookie banner or footer controls.
- Analytics and preferences cookies require consent
- Granular controls for preferences vs analytics
- Full details in our Privacy Policy
04
API & developer security
The Florality Public REST API uses explicit, least-privilege credentials so integrations only get the access you grant.
Scoped API keys
Each API key sets every resource to No access, Read, or Read + Write. There are no wildcards - you choose exactly what each integration can touch.
- Per-resource none, read, or read_write scopes
- Bearer token authentication on every API request
- Full token shown once at creation; dashboard shows masked prefix
05
Data ownership & portability
You control your information. Export it, understand how we use it, and reach us when you have questions.
Clear data ownership
Your system data belongs to you. We process it to provide the service, not to build advertising profiles or sell lists to third parties.
- We do not sell or rent personal or system data
- Staff access to user data only when needed for support you request
- Privacy Policy explains collection, use, and retention
- We only use your data to make Florality work for you
Export & transparency
Download a comprehensive export of your Florality data from Settings → Export. JSON, CSV, and HTML preview formats are available.
- GDPR-style export covering members, notes, settings, and more
- JSON, CSV, and HTML preview download options
- Self-serve export from your dashboard
06
Billing security
Paid plans and donations are processed by Stripe. Florality does not store your full card details on our servers.
Stripe-powered checkout
Subscriptions and donations run through Stripe Checkout and the Stripe Customer Portal. Card data is handled by Stripe's PCI-compliant infrastructure.
Responsible disclosure
Found a security issue?
If you believe you have found a vulnerability, please report it to vulnerabilities@floralitys.com with enough detail for us to reproduce it. We take reports seriously and will respond as quickly as we can.
Go deeper
Policies, API references, and support channels for security and privacy questions.
Privacy Policy
How we collect, use, store, and protect your personal information.
Privacy buckets API
Technical reference for bucket assignments and friend visibility rules.
API authentication
Bearer tokens, key format, and how scopes gate each endpoint.
Contact & support
Questions about security, privacy, or your account? Reach our team directly.
Your system deserves a secure home
Start free. Control what you share. Export your data whenever you need it.

