We've built Formspree from the start with your security and compliance in mind.
Our services are hosted with Amazon Web Services in the United States. They employ a robust security program with multiple certifications. For more information on our provider's security processes, please visit AWS Security.
Formspree uses an industry-leading Web Application Firewall with automatic updates to thwart the latest attack vectors.
All databases are encrypted at rest using AES-256 block-level storage encryption. We use a minimum of TLS 1.2 to encrypt network traffic between users' browsers and Formspree. Formspree salts and hashes passwords.
We perform vulnerability scanning and actively monitor for threats. We actively monitor and log various cloud services. We use a leading intelligent threat and anomaly detection service to proactively identify and respond to any potential threats.
All of our team members are responsible for ensuring that your data remains secure, and we have adopted it into our culture.
We follow the principle of least privilege. Access to cloud infrastructure and to tools with access to customer data is limited to authorized personnel who require it for their role. We enforce two-factor authentication and strong password policies to access critical systems.
We maintain a dedicated offboarding process to immediately revoke access when no longer required. We also conduct quarterly access reviews of all team members to audit access to sensitive systems.
We have developed an action plan distributed to all personnel to prepare for any unexpected disasters. We regularly back up all critical data systems and run walkthroughs to allow us to quickly recover in the event of a catastrophe.
We have a process for handling information security events including escalation procedures, rapid mitigation, and communication. Formspree maintains a bug bounty program to encourage responsible disclosure.
Personnel are required to undergo security awareness training covering phishing and password management. We perform background checks on all new team members in accordance with local laws. All team members are required to sign and adhere to an industry-standard confidentiality agreement prior to their first day of work.
Vendor risk is determined and vendor reviews are performed prior to authorizing a new vendor. We conduct at least annual risk assessments to identify any potential threats.
We follow industry standards in ensuring we protect your privacy and security.
Formspree follows the criteria set forth by the System and Organization Controls (SOC) 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants. Formspree expects to receive its SOC 2 Type 2 report in Q2 2023.
We ensure California consumers can exercise their rights under CCPA. This includes the right to know, right to delete, right to opt-out, and right to non-discrimination.
Found a potential issue? Please help us by reporting it so we can fix it quickly.