The frontier AI research lab for visual intelligence.
Black Forest Labs is the company behind the FLUX models for AI-based image generation and image editing. The platform includes Playground, API, open-weights/self-hosting licenses, and enterprise offerings for visual AI workflows. FLUX.2 is officially described as a production model for image generation and image editing with multi-reference control and up to 4MP output.
Black Forest Labs / FLUX
The frontier AI research lab for visual intelligence.
Location: Germany ⓘ BFL GmbH, Ingeborg-Krummer-Schroth-Straße 18, 79106 Freiburg im Breisgau, Germany. Commercial Register
FLUX.2 [small] Fastest model variant for real-time use, prototyping, rapid iteration, and high speed; according to the model page also runnable locally and fine-tuning-ready.
FLUX.2 [pro] Production-oriented image generation and image editing with high quality and scalability.
FLUX.2 [flex] Variant for precise control, typography, small details, and finer visual control.
FLUX.2 [max] Highest-quality variant with particularly strong prompt adherence, editing consistency, professional output, and grounding features.
Self-Hosted Commercial License License for downloading, hosting, and using certain FLUX-[dev] models in your own applications; API resale or third-party API access is excluded without the corresponding rights.
Enterprise / Custom Deployment Custom enterprise options with dedicated infrastructure, custom fine-tuning, and integration support.
Target audience
Black Forest Labs is aimed at developers, creative teams, agencies, product teams, media companies, e-commerce providers, design departments, gaming studios, marketing teams, and businesses that want to integrate image generation or image editing into their own workflows or products. FLUX is particularly relevant for organizations that need high-quality visual AI and want to choose between fast API usage, Playground, Open Weights, fine-tuning, and their own infrastructure. For regulated companies, the Enterprise and self-hosting track is especially interesting because it enables data sovereignty, private cloud, on-premise, zero data retention, and custom contractual documents.
Outstanding features
The standout features lie in the FLUX model family for text-to-image, image editing, multi-reference control, high-resolution image output, inpainting/outpainting, and productive API integration. Deployment flexibility is particularly strong: teams can test in the Playground, integrate via API, license Open Weights, fine-tune models, or run FLUX in private cloud and on-premise environments. For enterprise customers, Black Forest Labs lists dedicated endpoints, SSO, SLAs, an account team, vendor assessment materials, and DPAs on request.
Most important use cases
Black Forest Labs is suitable for product visualizations, campaign visuals, design variants, advertising materials, architectural visualization, automotive visuals, gaming assets, retail images, image editing, creative prototyping, on-brand image generation, SaaS integration, API-based image pipelines, and custom visual AI applications. The official enterprise page explicitly lists Advertising, Architecture, Automotive, Design, Gaming, and Retail as workflows.
Usage & notes
Usage takes place either via the browser-based Playground, via the FLUX API, or via licensed Open Weights in your own infrastructure. For teams, Black Forest Labs offers organizations, projects, roles, API keys, usage tracking, activity logs, and credit-based billing. Important: confidential or personal content should not be uploaded to standard services without review, because the Privacy Policy describes the use of interactions for improvement and training. Companies with strict data protection requirements should review the enterprise contract, DPA, zero-data-retention option, self-hosting license, server region, subprocessors, and content-filtering obligations in advance.
| Target audience | Assessment |
|---|---|
| Designers / creatives / agencies | Very suitable – for high-quality AI image generation, image editing, product visuals, campaign motifs, mood boards, concept art, and visual brand worlds. |
| Marketing and e-commerce teams | Very suitable – especially for product images, ad creatives, social assets, consistent image series, lifestyle visuals, and fast variant production. |
| Developers / product teams | Very suitable – the FLUX API is intended for integration into their own apps, image tools, creative platforms, and production workflows. |
| Companies with their own AI infrastructure | Suitable to very suitable – certain FLUX-[dev] models can be self-hosted according to the self-hosted license terms. |
| Private individuals / hobby creators | Suitable – via Playground and available FLUX models for generating and editing images. |
| Privacy-sensitive EU companies | Conditionally suitable – Black Forest Labs has a German BFL GmbH in Freiburg, but API/privacy documents contain references to the US/Inc., international transfers, and training use of inputs/outputs; contract review is necessary for sensitive data. |
FLUX.2 [small]
Fastest model variant for real-time use, prototyping, rapid iteration, and high speed; according to the model page, it can also be run locally and is fine-tuning-ready.
FLUX.2 [pro]
Production-oriented image generation and image editing with high quality and scalability.
FLUX.2 [flex]
Variant for precise control, typography, small details, and finer visual steering.
FLUX.2 [max]
Highest-quality variant with especially strong prompt adherence, editing consistency, professional output, and grounding features.
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ✅ |
| Private cloud / data center | ✅ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ❓ |
| No training on customer data | ❓ |
| Open source / transparency path | ✅ |
On-premises / local hosting: supported
On the Enterprise and Licensing pages, self-hosted/open weights are clearly mentioned. The website describes “Deploy in your private cloud or on-premises with complete data isolation” as well as “Run FLUX models on your own infrastructure.”
Private Cloud / Data Center: Covered
The website explicitly mentions private cloud and dedicated infrastructure: “Deploy in your private cloud” and, in the Enterprise section, “Dedicated instances with zero data retention and network isolation.”
EU SaaS / Managed: Partially
A managed SaaS/API/Playground service is clearly available. However, for EU/EEA-relevant requirements, the website lacks specific details regarding EU data residency, EU/EEA data centers, or a specific server location.
Hybrid: Partially
The website shows a possible combination of API and Weights (“API + Weights combo pricing”) as well as co-built production pipelines. However, an explicit hybrid operating model with a clearly documented division of processing is not described in detail.
T&C / DPA: unclear
No publicly linked TAA/DPA can be found on the website. There is only a general reference to “tailored contractual arrangements” in the Enterprise context. The website does not specify whether a TAA/DPA is offered as standard.
No Training: Indirect / Not Available
For the standard services, the Terms argue against a clear “no training” policy, as the Terms state that input and output may be used for development, improvement, and training. The only positive aspect, albeit indirect, is the Enterprise/Self-Hosted path with “zero data retention” and “no external calls,” but a general, publicly documented training opt-out for SaaS is not specified on the website.
Open-Source / Transparency Path: Covered
The website offers a clear transparency/sovereignty path via “Open Weights,” self-hosting, fine-tuning rights, and references to GitHub/Hugging Face. This is not a complete product described as fully open source, but it is a clearly documented open/self-hostable model path.
Data Processing
The website clearly distinguishes between standard services and customer-specific setups. For standard services, general terms apply under which input and output may be used for deployment, development, training, and improvement. For Enterprise/Self-Hosted, however, stronger control mechanisms are described: Operation on the customer’s own infrastructure, private cloud/on-premises, no external calls, dedicated instances, “zero data retention,” and network isolation. For EU/EEA users, this controlled deployment path is significantly more favorable from a data protection perspective than general SaaS usage.
Conclusion
For an EU/EEA tool directory, the overall rating is conditional. The website provides positive indications for data-protection-friendly enterprise and self-hosted use with a high degree of data sovereignty, but lacks sufficiently clear documentation regarding EU/EEA server locations, EU data residency, the Data Processing Agreement (DPA), and subprocessors for the standard SaaS variant. According to the website, anyone who wants to use FLUX in the EU/EEA in a manner that is as GDPR-compliant as possible should opt for self-hosted/open weights or a dedicated enterprise environment, rather than the general standard usage.
Sources
| On-prem / local hosting | ✅ |
| Private cloud / data center | ✅ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ❓ |
| No training on customer data | ❓ |
| Open source / transparency path | ✅ |
On-premises / local hosting: supported
On the Enterprise and Licensing pages, self-hosted/open weights are clearly mentioned. The website describes “Deploy in your private cloud or on-premises with complete data isolation” as well as “Run FLUX models on your own infrastructure.”
Private Cloud / Data Center: Covered
The website explicitly mentions private cloud and dedicated infrastructure: “Deploy in your private cloud” and, in the Enterprise section, “Dedicated instances with zero data retention and network isolation.”
EU SaaS / Managed: Partially
A managed SaaS/API/Playground service is clearly available. However, for EU/EEA-relevant requirements, the website lacks specific details regarding EU data residency, EU/EEA data centers, or a specific server location.
Hybrid: Partially
The website shows a possible combination of API and Weights (“API + Weights combo pricing”) as well as co-built production pipelines. However, an explicit hybrid operating model with a clearly documented division of processing is not described in detail.
T&C / DPA: unclear
No publicly linked TAA/DPA can be found on the website. There is only a general reference to “tailored contractual arrangements” in the Enterprise context. The website does not specify whether a TAA/DPA is offered as standard.
No Training: Indirect / Not Available
For the standard services, the Terms argue against a clear “no training” policy, as the Terms state that input and output may be used for development, improvement, and training. The only positive aspect, albeit indirect, is the Enterprise/Self-Hosted path with “zero data retention” and “no external calls,” but a general, publicly documented training opt-out for SaaS is not specified on the website.
Open-Source / Transparency Path: Covered
The website offers a clear transparency/sovereignty path via “Open Weights,” self-hosting, fine-tuning rights, and references to GitHub/Hugging Face. This is not a complete product described as fully open source, but it is a clearly documented open/self-hostable model path.
Data Processing
The website clearly distinguishes between standard services and customer-specific setups. For standard services, general terms apply under which input and output may be used for deployment, development, training, and improvement. For Enterprise/Self-Hosted, however, stronger control mechanisms are described: Operation on the customer’s own infrastructure, private cloud/on-premises, no external calls, dedicated instances, “zero data retention,” and network isolation. For EU/EEA users, this controlled deployment path is significantly more favorable from a data protection perspective than general SaaS usage.
Conclusion
For an EU/EEA tool directory, the overall rating is conditional. The website provides positive indications for data-protection-friendly enterprise and self-hosted use with a high degree of data sovereignty, but lacks sufficiently clear documentation regarding EU/EEA server locations, EU data residency, the Data Processing Agreement (DPA), and subprocessors for the standard SaaS variant. According to the website, anyone who wants to use FLUX in the EU/EEA in a manner that is as GDPR-compliant as possible should opt for self-hosted/open weights or a dedicated enterprise environment, rather than the general standard usage.
Sources
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Very strong image generation and image editing | • Focus almost exclusively on visual AI, not on text, chat, meeting notes, or office workflows |
| • FLUX.2 model family for text-to-image and image editing | • Standard privacy policy permits the use of interactions, prompts, images, and outputs for the development, training, and improvement of the services |
| • API and playground for a quick start | • Legal structure requires explanation: the legal notice names BFL GmbH in Freiburg, while the Privacy Policy/Terms name Black Forest Labs Inc. with a US contact address |
| • Open weights for your own infrastructure and fine-tuning | • DPA/vendor documents are available upon request according to the enterprise page, but are not publicly directly accessible |
| • Enterprise options for private cloud, on-premise, and dedicated endpoints | • Specific API/playground server regions are not clearly documented publicly |
| • Roles, organizations, projects, API keys, usage tracking, and activity logs for teams | • Self-hosting licenses include obligations regarding content filtering, reporting, and restrictions on API forwarding |
| • ISO 27001 and SOC 2 Type II are listed on the enterprise side as security certifications |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
For the EU/EEA region, there is no clear evidence that the standard SaaS version complies with the GDPR. On the positive side, the provider describes on its website self-hosting, private cloud/on-premises operation, dedicated instances with “zero data retention” and “network isolation,” as well as GDPR-compliant data processing in an enterprise context. At the same time, according to the Terms of Service, general SaaS/website use allows for very extensive use of input and output data for further development and training. The simplest and best option for EU/EEA users is therefore the self-hosted or dedicated enterprise path, rather than the freely accessible standard SaaS usage.
Positive
The website lists self-hosted/open-source options, including “Deploy in your private cloud or on-premises with complete data isolation,” “No external calls: all inference runs inside your environment,” and “Full data sovereignty on your own infrastructure.” In addition, the Enterprise page mentions dedicated instances with “zero data retention and network isolation” as well as certifications/standards such as ISO 27001, SOC 2 Type II, and “GDPR-compliant data processing is standard.”
Negative
The website does not specify EU/EEA data residency or a specific server location for the standard services. A publicly linked page for the Terms of Service (TOS) or Data Processing Agreement (DPA), or a list of subprocessors, is also not available. Particularly critical: In the general terms, the user grants the provider a worldwide, perpetual, and irrevocable license to use input and output to “develop, train, and improve” technologies, products, and services. The website does not specify an explicit opt-out option from AI training for this standard use.
Server location
Not specified on the website. Although Enterprise, Self-Hosted, and Private Cloud options, as well as Azure AI Foundry, are mentioned, no specific EU/EEA data center, country, or binding EU data residency is specified for the standard SaaS version.