We've built Formspree from the start with your security and compliance in mind.
Our services are hosted with Amazon Web Services in the United States. They employ a robust security program with multiple certifications. For more information on our provider's security processes, please visit AWS Security.
Formspree uses an industry-leading Web Application Firewall with automatic updates to thwart the latest attack vectors.
All databases are encrypted at rest using AES-256 block-level storage encryption. We use a minimum of TLS 1.2 to encrypt network traffic between users' browsers and Formspree. Formspree salts and hashes passwords.
We perform vulnerability scanning and actively monitor for threats. We actively monitor and log various cloud services. We use a leading intelligent threat and anomaly detection service to proactively identify and respond to any potential threats.
All of our team members are responsible for ensuring that your data remains secure, and we have adopted it into our culture.
We follow the principle of least privilege. Access to cloud infrastructure and to tools with access to customer data is limited to authorized personnel who require it for their role. We enforce 2-factor authentication and strong password policies to access critical systems.
We maintain a dedicated offboarding process to immediately revoke access when no longer required. We also conduct quarterly access reviews of all team members to audit access to sensitive systems.
We have developed an action plan distributed to all personnel to prepare for any unexpected disasters. We regularly back up all critical data systems and run walkthroughs to allow us to quickly recover in the event of a catastrophe.
We have a process for handling information security events including escalation procedures, rapid mitigation, and communication. Formspree maintains a bug bounty program to encourage responsible disclosure.
Personnel are required to undergo security awareness training covering phishing and password management. We perform background checks on all new team members in accordance with local laws. All team members are required to sign and adhere to an industry-standard confidentiality agreement prior to their first day of work.
Vendor risk is determined and vendor reviews are performed prior to authorizing a new vendor. We conduct at least annual risk assessments to identify any potential threats.
We follow industry standards in ensuring we protect your privacy and security.
Formspree is fully GDPR compliant and believes in the mission of advancing privacy worldwide. GDPR compliance is shown through actions, not through certifications. GDPR compliance is included in our Privacy Policy. We rely on Standard Contractual Clauses (SCCs) as a data processor.
Formspree has achieved SOC 2 Type 2 compliance and been audited by an independent third-party auditor. Our auditor is certified by the American Institute of Certified Public Accountants (AICPA) to evaluate a service organization's controls related to the Trust Services Criteria. If you'd like a copy of our audit report, please reach out to security@formspree.io.
We ensure California consumers can exercise their rights under CCPA. This includes the right to know, right to delete, right to opt-out, and right to non-discrimination.
Found a potential issue? Please help us by reporting it so we can fix it quickly.