Data Privacy
Privacy Friendly
Built with privacy in mind with no third-party cookies, fingerprinting, or invasive tracking.
Transparency
Open Source
Formo SDKs are open source with a fully permissive MIT license.
Compliance
SOC 2 (pending)
Formo’s SOC 2 compliance report will be available on request.
Supply Chain Security
NPM Trusted Publishing
Eliminates security risks from long-lived write tokens, which can be compromised.
Subresource Integrity
Formo supports SRI, which helps prevent attacks like cross-site scripting (XSS) and NPM hijacking.
Content Security Policy
Formo supports CSP, which helps prevent attacks like cross-site scripting (XSS) and data injection.
Infrastructure Security
Encryption in Transit
Formo secures all connections with industry-standard TLS 1.2+ encryption.
Encryption at Rest
All data volumes, including backups, are encrypted at rest with unique AES-256 keys.
Backups
All customer databases are continuously backed up to highly durable storage.
Data Center Security
Formo runs on AWS, which has the highest levels of security and reliability.
Monitoring
24/7 on-call rotations with internal escalations provide monitoring across all systems.
Software Security
Quality Assurance
Automated tests and code reviews run after each code change as part of QA.
Security Reviews
Engineering reviews check for security best practices to address potential security threats.
Vulnerability Management
Formo conducts regular penetration tests in addition to internal security reviews.
Partner Security
Payments and PCI
Formo uses Paddle to process payments and does not store credit card information.
Subprocessors
Formo keeps the list of data subprocessors updated in the Terms of Service.
Access Control
Multi-Factor Authentication
MFA adds an additional layer of security to user accounts and workspaces.
Role Based Access Control
RBAC enforces the principle of least privilege on users based on specific roles.
Others
Changelog
Formo publishes a weekly summary of updates and fixes.