Trust & security

Your data stays yours.

Flow AI is built so that getting cheaper, completion-aware routing never means giving up control of your data. Privacy isn't a setting here — it's the architecture.


The privacy pillars

We never read your prompts

Routing is content-free — model selection is driven by tool-use and task-completion signal alone, never prompt content. We don't inspect, log for training, or sell your data.

Encrypted at rest

Anything cached is encrypted with content-derived keys. Keys and secrets are stored encrypted; in-flight traffic is TLS end to end.

Sensitive work stays first-party

Prompts containing secrets or PII are automatically kept off third-party operator machines. Flip on Trusted-sellers-only to force all traffic to first-party APIs and your own keys.

Connected-plan isolation

Connect your provider subscriptions and they're used only to serve your routed traffic — scoped to your account, never shared, removable any time.

The Hive: spare capacity, never your data

The Hive is the most-asked-about part of Flow AI, so here's exactly how it protects you.

Shares capacity — never data

The Hive pools spare model capacity across the community. One member's idle capacity processes another's prompts; no one ever sees another member's content.

Encrypted & decentralized

An encrypted, decentralized system of sharing resources within our community — not a data lake, not a “hive mind.”

A co-op, not a data grab

Members contribute spare capacity and draw on the pool, so everyone's tokens go further. It's mutual aid for compute — your prompts stay yours.

Compliance

We follow SOC 2-aligned practices today — least-privilege access, encryption in transit and at rest, audit logging, and content-free routing — and a formal SOC 2 Type II audit is on our roadmap. We'll publish the report here when it's complete. We don't claim certifications we don't yet hold.

Read the full privacy policy and terms. Security questions or disclosure: privacy@flowaiapi.com.