Security
Your data is safe with us. Here's how.
Encryption in transit
All data is encrypted with TLS 1.2+ between your browser and our servers. We enforce HTTPS across all domains with HSTS headers.
Encryption at rest
Database storage uses AES-256 encryption. Backups are encrypted before leaving our infrastructure.
EU data residency
All data is stored on AWS infrastructure in the European Union (eu-west-1, Paris). We never transfer personal data outside the EEA without adequate safeguards.
Access controls
Production database access is restricted to specific IPs, uses short-lived credentials, and requires MFA. Employee access is logged and audited quarterly.
Responsible disclosure
Found a security vulnerability? We take all reports seriously. Please email security@formcraft.io with details. We aim to acknowledge reports within 24 hours and patch critical issues within 72 hours.