Flutty
Flutty Docsdocs.flutty.dev
Support

Legal

Security practices

Flutty uses layered safeguards to protect accounts, workspace data, connectors, billing flows, previews, and live sites.

Policies4 sections
Browse docs
Privacy PolicyTerms of UseCookie PolicyAcceptable Use PolicySubprocessorsRefund and Cancellation PolicyData Processing AddendumSecurity Practices
On this page
Security programControlsCustomer responsibilitiesIncidents

Approach

Security program

Flutty uses a risk-based security program covering account access, application security, infrastructure, runtime environments, connectors, billing flows, previews, live-hosting gateways, logging, and incident response.

Safeguards

Controls

Authentication and authorization controls for user-facing routes and workspace access.

Least-privilege access for administrative systems and production services.

Encryption in transit and encryption at rest where provided by infrastructure and storage providers.

Secrets handling for OAuth tokens, connector credentials, billing provider secrets, and runtime credentials.

Security headers, HTTPS, and hardened browser-facing defaults.

Logging and monitoring for service health, abuse detection, and incident investigation.

Runtime isolation and cleanup practices for generated projects and preview environments.

Append-only records for billing ledger and legal acceptance events.

Shared model

Customer responsibilities

Customers are responsible for reviewing generated output, securing connected provider accounts, managing repository/database access, publishing lawful content, configuring custom domains safely, and including legal notices required for their own published sites.

Response

Incidents

If Flutty identifies a security incident affecting personal data, we will investigate, contain, remediate, and notify affected users or regulators when required by law.