Some answers are too sensitive to leave lying around. Secure forms protect what people tell you — while it travels, while it’s stored, and (when you need it) so completely that not even we can read it. Here’s exactly what that means — for everyone in the room.
Written for two readers.Read the bold lines for the plain-English version. Each one comes with anUnder the hoodnote that spells out the exact technology — so the person who has to sign off and the engineer who has to trust it can both find their answer on the same page.
From the moment someone hits submit, their answers are sealed on the wire — nobody between their device and us can read them.
Every form and API request is served over HTTPS with TLS 1.2+ and HSTS. There is no unencrypted path to the form.
Responses don’t sit in plain text on a hard drive somewhere. They’re encrypted while stored, on servers in Europe.
Data is encrypted at rest with AES-256 and hosted in the EU by default — your responses never leave the EU.
You decide who on your team can open responses. Nobody else gets a look in.
Role-based access controls, SAML single sign-on (Business), and daily backups. Infrastructure is SOC 2 Type II and ISO 27001 certified.
For the answers that truly can’t leak, turn on end-to-end encryption. They’re locked on the visitor’s own device, and only you hold the key to open them.
Optional end-to-end encryption with OpenPGP: responses are encrypted in the respondent’s browser to your public key (Curve25519, RFC 9580). We store only ciphertext we cannot decrypt.
How encrypted forms work →Not every form needs a vault. Match the protection to the data — here’s a simple way to decide.
Contact forms, newsletter sign-ups, surveys, event RSVPs.
Standard protection — on by default for every form.
HTTPS in transit, AES-256 at rest, EU hosting. Nothing to configure.
Personal details, job applications, customer or patient info, anything covered by privacy law.
Add access controls and a data processing agreement.
Lock down who can read responses, keep data in the EU, and sign a GDPR DPA.
Whistleblowing, legal intake, medical records, financial disclosures.
Turn on end-to-end encryption.
Answers are encrypted on the respondent’s device to your key — not even we can read them.
They’re related, not the same. Secure forms is the umbrella — strong, sensible protection on every form you build. Encrypted forms is the strongest tier inside it: true end-to-end encryption, where the answers are locked on the respondent’s device and only you hold the key to open them.
Most forms only need the umbrella. Reach for end-to-end when a leak would be unacceptable — and read exactly how it works on the encrypted forms page.
Hosted in the European Union by default. Your data does not leave the EU.
Compliant by default, with a Data Processing Agreement available on request.
Runs on SOC 2 Type II and ISO 27001 certified infrastructure, with daily backups.
Yes. Every response is encrypted in transit (TLS 1.2+) and encrypted at rest (AES-256). For the most sensitive forms you can also switch on end-to-end encryption, which encrypts answers in the visitor’s browser before they ever reach us.
For a standard form, access is limited by strict internal controls — but as the data processor, our systems can technically process the data to run the service. For an end-to-end encrypted form, the answer is a flat no: we only ever hold ciphertext, and we don’t have the key to decrypt it. Only you do.
In the European Union by default, on infrastructure certified to SOC 2 Type II and ISO 27001. Your data does not leave the EU. Backups run daily.
“Secure forms” is the umbrella: strong, sensible protection on every form you build — in transit, at rest, and by access control. “Encrypted forms” is the strongest tier within it — true end-to-end encryption where only you hold the key. Most forms only need the former; reach for the latter when a leak would be unacceptable.
Yes. formformform is GDPR compliant by default, with EU data residency and a Data Processing Agreement available. See the GDPR page for the details.
No. Standard protection is on automatically — you don’t touch a setting. End-to-end encryption is a single toggle that generates your keys for you; the only job it asks of you is to keep your private key safe, like the key to a safe.
Standard protection is on from your very first form. Turn on end-to-end encryption the moment you need it. Free to start.
Start for free