Security isn’t a feature we bolted on. It’s the foundation we built every line of FormFlows.ai on top of.
TLS 1.3 in transit, AES-256 at rest. Database backups are encrypted with rotating keys.
SOC 2 Type II audit in progress. Controls and policies are already in place — formal certification expected this year.
Hosted on Railway with managed PostgreSQL. Builds run on Blacksmith CI. All providers are SOC 2 certified.
OAuth via Google plus magic-link email — no passwords stored, nothing to leak. Session tokens are rotated and short-lived.
GDPR and CCPA compliant today. HIPAA BAAs available on Enterprise plans. ISO 27001 on the 2027 roadmap.
Found a vulnerability? Email [email protected]. We acknowledge within 24 hours and reward verified reports.
Internal penetration test
Q1 2026
Dependency vulnerability scan
Continuous
SOC 2 Type II audit
In progress
We take every report seriously. Email our security team and we’ll respond within 24 hours.
[email protected]