Your data is encrypted, protected, and hosted in the EU. Security isn't an add-on — it's how we build.
All connections to formformform are encrypted with TLS 1.2+ (HTTPS). We enforce HTTPS on every endpoint — there is no way to access formformform over an unencrypted connection. Data at rest is encrypted using AES-256.
All formformform infrastructure is hosted in the European Union. Your data never leaves the EU. We use trusted cloud providers with SOC 2 Type II and ISO 27001 certifications.
Embedded forms are served exclusively over HTTPS. The embed script loads from our CDN with subresource integrity (SRI) hashes to prevent tampering. No mixed content, no exceptions.
Passwords are hashed using bcrypt. Sessions are secured with HTTP-only cookies and short-lived tokens. API keys are scoped and revocable. Enterprise plans support SAML-based single sign-on.
Databases are backed up daily with point-in-time recovery. Backups are encrypted and stored in a separate availability zone. Our target uptime is 99.9%.
Found a vulnerability? We take security reports seriously. Contact us at security@formformform.com and we'll respond within 48 hours.