Skip to main content
At Formora, we take the security of your account and the data you collect very seriously. This document provides an overview of our security practices and your responsibilities in maintaining a secure environment.

Our Security Measures

Formora employs a multi-layered approach to security:
  • Data Encryption:
    • In Transit: All data transmitted between your browser and Formora servers, and between our internal services, is encrypted using industry-standard HTTPS/TLS (Transport Layer Security).
    • At Rest: Sensitive data, including form submission data and your account credentials, is encrypted at rest using strong encryption algorithms (e.g., AES-256).
  • Secure Infrastructure:
    • Our platform is hosted on reputable cloud providers (e.g., AWS, Google Cloud, Azure) that adhere to high security and compliance standards.
    • We implement network security measures such as firewalls, intrusion detection/prevention systems, and regular security patching.
  • Regular Security Audits & Penetration Testing: We conduct periodic security assessments and penetration tests to identify and address potential vulnerabilities.
  • Access Controls: Strict access controls are enforced internally to ensure that only authorized personnel can access sensitive systems and data, based on the principle of least privilege.
  • Development Practices (DevSecOps): Security is integrated into our software development lifecycle, including code reviews, vulnerability scanning, and secure coding practices.
  • Incident Response Plan: We have a plan in place to respond to and mitigate security incidents promptly and effectively.
  • Data Backup and Recovery: Regular backups of your data are performed to ensure it can be restored in case of data loss.

Your Responsibilities: Account Security Best Practices

While Formora implements robust security measures, maintaining the security of your account also depends on your actions:
  • Create Strong Passwords: Use a unique, complex password for your Formora account. Combine uppercase letters, lowercase letters, numbers, and symbols. Avoid easily guessable passwords.
  • Password Managers: Consider using a reputable password manager to generate and store strong, unique passwords for all your online accounts, including Formora.
  • Regular Updates: Change your password periodically or if you suspect your account may have been compromised.
  • Learn more: /en/account-settings/profile-management#password-management
  • Keep API Keys Confidential: Treat your Formora API keys like passwords. Do not share them publicly, embed them in client-side code, or commit them to version control systems.
  • Use Environment Variables: Store API keys in server-side environment variables for backend applications.
  • Principle of Least Privilege: If Formora allows for scoped API keys in the future, generate keys with only the minimum necessary permissions for the intended task.
  • Rotate Keys: Regenerate API keys periodically or if a key is suspected to be compromised.
  • Learn more: /en/account-settings/api-keys#security-best-practices-for-api-keys
  • Verify Senders: Be cautious of unsolicited emails or messages asking for your Formora login credentials or personal information. Formora will never ask for your password via email.
  • Check URLs: Always ensure you are on the official Formora website (formora.site or your custom domain) before entering your login details.
  • Report Suspicious Activity: If you receive a suspicious email or encounter a phishing attempt, please report it to our support team.
  • Keep your computer and mobile devices updated with the latest operating system patches and security software (antivirus/anti-malware).
  • Use secure Wi-Fi networks, especially when accessing sensitive information.
Periodically review your account activity, connected applications, and active sessions (if this feature is available in Formora) for any unauthorized access.

Data Privacy and Compliance

Formora is committed to protecting your privacy and helping you comply with relevant data protection regulations (e.g., GDPR, CCPA).
  • Privacy Policy: Our /en/privacy-policy details how we collect, use, and protect your personal information and the data you collect through your forms.
  • Terms of Service: Our /en/terms-of-service outline the terms and conditions for using the Formora platform.
  • Data Ownership: You own the data you collect through your forms. Formora acts as a data processor on your behalf.
  • Data Processing Agreements (DPA): If required for your compliance needs, Formora may provide a DPA. Contact support for more information.

Reporting Security Vulnerabilities

If you believe you have discovered a security vulnerability in Formora, please report it to us responsibly. We appreciate the community’s help in keeping our platform secure.
  • How to Report: Send an email to security@formora.site with detailed information about the potential vulnerability.
  • Responsible Disclosure: Please do not publicly disclose the vulnerability until we have had a chance to investigate and address it.

Staying Informed

We may update our security practices and documentation from time to time. Major changes will be communicated through platform announcements or email.
Security is a shared responsibility. By following best practices and understanding our measures, we can work together to maintain a safe and trustworthy environment for your form data. Next, learn about /en/account-settings/api-keys.
I