Any worker that sends an email, posts a message, or takes an action outside your workspace pauses in an approval queue first. You approve, edit, or reject before it runs. Read-only workers run on their own; the moment a loop wants to act on the outside world, it waits for you.
Every run on the record
Every run keeps its full inputs, outputs, and logs. You can audit exactly what a worker did on your behalf, replay it, or download the bundle. There is no hidden state: if it happened, it is on the record.
Scoped, revocable connections
You connect tools (Gmail, Slack, GitHub, HubSpot, and more) via OAuth through Composio. Floom holds the token and uses it only to run the workers you build. Revoke access in the source tool and every worker that depends on it stops immediately.
Secrets are write-only
Credentials you store are referenced by name and are never printed back, echoed in a reply, or shown in logs. The CLI and the agent are built to never surface a secret value, only to use it.
Workers run isolated
Each worker runs in its own sandboxed environment, not on a shared, long-lived process. A worker sees only the connections and context you gave it.
Your data stays yours
We do not sell your data and we do not train shared models on your worker outputs. Your workspace data is visible to your workspace and its members; Floom support looks only when you ask us to debug a run. See Privacy for the full picture.
Pause or delete anytime
Stop, edit, or retire any loop whenever you want. There is no lock-in. Questions about how something works? Reach us at hello@floom.dev.