TRUST CENTER
Security and Privacy
Explore how Forms Logic protects customer data through strong governance, layered security controls, compliance validation, and continuous improvement across our platform and operations.
OUR COMMITMENT IS TO DELIVER
Security Built Into Every Layer
At Forms Logic, security and privacy are foundational to how we build, operate, and support our platform. From encryption and secret management to penetration testing, endpoint protection, and identity controls, we apply practical safeguards designed to protect customer data and strengthen trust.
Governance
Our Security and Privacy teams oversee robust policies and controls founded on four core principles.
Least Privilege
Access is granted only to users with a clear, legitimate business need.
Defense in Depth
Layered controls across our infrastructure reduce risk and strengthen protection.
Consistency
Security measures are applied uniformly across all areas of the enterprise.
Continuous Improvement
Controls are regularly refined for stronger effectiveness, clearer audits, and lower operational friction.
Security and Compliance Certifications
SOC 2 Type II validates our commitment to maintaining high security standards. To learn more or request copies of these reports, visit our Trust Center.
Data Protection
Encryption, transport security, and secret management help protect customer data across the stack.
Data at Rest
All customer data is encrypted at rest. Sensitive information is further protected with row-level encryption for additional protection.
Data in Transit
TLS 1.2 or higher is enforced for connections across potentially untrusted networks, and HSTS helps protect data during transmission.
Secret Management
Keys are managed through KMS with HSM-backed protection. Application secrets are securely stored, georedundantly backed up, and restricted to authorized processes and personnel.
Product Security
Independent testing and continuous scanning help us identify and reduce risk throughout the development lifecycle.
Penetration Testing
We partner annually with reputable penetration testing firms to assess our product and cloud infrastructure. Summary findings are available in our Trust Center.
Vulnerability Scanning
Our Secure Development Lifecycle incorporates multiple scanning techniques, including Static Application Security Testing for pull requests, regular network vulnerability scans, and continuous external attack surface management to identify exposed services.
Enterprise Security
Security controls extend beyond the product to devices, vendors, remote access, training, and identity governance.
Endpoint Protection
All corporate devices are centrally managed with MDM and anti-malware tools, and endpoint alerts are monitored around the clock.
Vendor Security
We use a risk-based methodology to evaluate vendors based on data sensitivity, integration points, and exposure to production environments.
Secure Remote Access
Employees access internal resources through modern VPN solutions built on WireGuard, with DNS filtering to block known threats and improve malware protection.
Security Education
All employees complete security training during onboarding and at least annually thereafter, including secure coding best practices.
Identity and Access Management
We use Teleport for identity and access management, providing SSO, MFA, and centralized user provisioning so only authorized individuals can access critical systems.