At Formora, we take the security of your account and the data you collect very seriously. This document provides an overview of our security practices and your responsibilities in maintaining a secure environment.

Our Security Measures

Formora employs a multi-layered approach to security:

  • Data Encryption:
    • In Transit: All data transmitted between your browser and Formora servers, and between our internal services, is encrypted using industry-standard HTTPS/TLS (Transport Layer Security).
    • At Rest: Sensitive data, including form submission data and your account credentials, is encrypted at rest using strong encryption algorithms (e.g., AES-256).
  • Secure Infrastructure:
    • Our platform is hosted on reputable cloud providers (e.g., AWS, Google Cloud, Azure) that adhere to high security and compliance standards.
    • We implement network security measures such as firewalls, intrusion detection/prevention systems, and regular security patching.
  • Regular Security Audits & Penetration Testing: We conduct periodic security assessments and penetration tests to identify and address potential vulnerabilities.
  • Access Controls: Strict access controls are enforced internally to ensure that only authorized personnel can access sensitive systems and data, based on the principle of least privilege.
  • Development Practices (DevSecOps): Security is integrated into our software development lifecycle, including code reviews, vulnerability scanning, and secure coding practices.
  • Incident Response Plan: We have a plan in place to respond to and mitigate security incidents promptly and effectively.
  • Data Backup and Recovery: Regular backups of your data are performed to ensure it can be restored in case of data loss.

Your Responsibilities: Account Security Best Practices

While Formora implements robust security measures, maintaining the security of your account also depends on your actions:

Data Privacy and Compliance

Formora is committed to protecting your privacy and helping you comply with relevant data protection regulations (e.g., GDPR, CCPA).

  • Privacy Policy: Our /en/privacy-policy details how we collect, use, and protect your personal information and the data you collect through your forms.
  • Terms of Service: Our /en/terms-of-service outline the terms and conditions for using the Formora platform.
  • Data Ownership: You own the data you collect through your forms. Formora acts as a data processor on your behalf.
  • Data Processing Agreements (DPA): If required for your compliance needs, Formora may provide a DPA. Contact support for more information.

Reporting Security Vulnerabilities

If you believe you have discovered a security vulnerability in Formora, please report it to us responsibly. We appreciate the community’s help in keeping our platform secure.

  • How to Report: Send an email to security@formora.site with detailed information about the potential vulnerability.
  • Responsible Disclosure: Please do not publicly disclose the vulnerability until we have had a chance to investigate and address it.

Staying Informed

We may update our security practices and documentation from time to time. Major changes will be communicated through platform announcements or email.

Security is a shared responsibility. By following best practices and understanding our measures, we can work together to maintain a safe and trustworthy environment for your form data.

Next, learn about /en/account-settings/api-keys.