Security
Your production data
stays in your control
FluxRun is built around a customer-controlled replay agent, recorded IO, encrypted protected payloads, and short-lived authorization for sensitive actions.
Data flow
The SDK records execution metadata and replay-relevant events, encrypts or masks protected payload data, and sends batches to FluxRun ingest. The dashboard reads indexed summaries and asks the customer agent before decrypt or replay actions.
Key ownership
Project tokens identify the app. Private replay keys stay in the customer server runtime with the traced route and agent route. FluxRun stores enough metadata to find executions, not the private key needed to unlock protected payloads.
Agent request flow
Dashboard replay and decrypt actions create short-lived agent session tokens. The configured agent route verifies authorization, then performs replay using captured events and the customer runtime boundary.
Recorded-IO replay
Replay is designed to use recorded fetch, host-call, random, time, and request data. External fetches, queues, databases, email, and payment providers are blocked or served from captured responses instead of live side effects.
Access control
Workspaces separate organization, app, and member access. Protected data and replay actions are tied to app-level agent configuration and role-aware dashboard flows.
Audit and diagnostics
FluxRun logs auth, ingest, replay, and dashboard failures for operational debugging. Error states are surfaced as setup, network, auth, or replay failures instead of generic unavailable messages.
Retention
Plan limits
| Plan | Retention | Executions | Replay calls |
|---|---|---|---|
| Free | 7 days | 1k executions | 100 replay calls |
| Pro | 30 days | 50k executions | 5k replay calls |
| Team | 90 days | 500k executions | 50k replay calls |
Subprocessors and hosting
FluxRun runs on managed infrastructure for application hosting, object storage, auth, email, billing, analytics, and operational logging. Provider access is limited to what is needed to operate the service.
Security contact
Send security, privacy, retention, or deletion questions to privacy@fluxrun.dev.