Security & Compliance
Your data security is our top priority. Formlio employs industry-leading security measures to protect every submission, ensuring compliance with global standards.
Data Protection at Every Layer
All data is encrypted both in transit and at rest using industry-standard algorithms.
HTTPS/TLS Everywhere
All connections are secured with modern encryption.
- TLS encryption on all endpoints
- HSTS headers prevent downgrade attacks
- Secure cloud infrastructure
Encryption at Rest
Your data is encrypted when stored in our databases.
- Industry-standard encryption at rest
- Encrypted database backups
- Secure key management
Sensitive Data Handling
Extra protection for passwords and tokens.
- Secure password hashing (bcrypt)
- Encrypted OAuth token storage
- No plain-text sensitive data
Secure Access Control
Multi-layered authentication with industry best practices.
Token-Based Auth
Secure session management.
- Short-lived access tokens
- Automatic session expiry
- Secure token handling
Two-Factor Authentication
Additional security layer for accounts.
- Email-based verification codes
- Login attempt notifications
- Account recovery options
Role-Based Access
Granular permission control.
- Admin and Member roles
- Team-level permissions
- Form-specific access control
File Upload Protection
Comprehensive validation and security measures for all file uploads.
Database Security
Multiple layers of protection for your stored data.
Logging & Monitoring
Comprehensive audit trails and real-time monitoring for security events.
Error Monitoring
Application health tracking.
- Error logging and alerts
- Application monitoring
- Performance tracking
Access Monitoring
Track and review access patterns.
- Failed login attempt tracking
- Rate limiting protection
- Unusual activity alerts
Activity Logs
Record of important actions.
- Admin action logging
- User activity records
- Data change history
Compliance & Certifications
We maintain compliance with industry standards and regulations.
Our Security Practices
Security is built into every aspect of our development process.
Security Reviews
Internal security assessments and code reviews
Regular Updates
Security patches and dependency updates
Secure Development
Security-focused development practices
Incident Response
Monitoring with rapid incident response
Electronic Signature Security
Formlio Sign ensures your electronically signed documents are legally valid, tamper-proof, and verifiable.
Document Integrity (SHA-256)
Every signed document is hashed with SHA-256. Any modification to the document content, signature, or metadata is immediately detectable via the verification endpoint.
Public Verification
Anyone can verify a signed document at formlio.app/verify using the unique document number. Verification shows status, form name, date, and integrity — never sensitive data.
Legal Compliance
Electronic signatures through Formlio Sign comply with the E-SIGN Act, UETA, and similar international regulations. See our Consumer Consent Disclosure.
No Sensitive Data Exposure
The verification endpoint only reveals document status, form name, date, and integrity hash. No form answers, email addresses, phone numbers, or uploaded files are ever exposed.
Unique Document Numbers
Each signed document receives a sequential, unique identifier (FL-SIGN-YYYY-NNNNNN) that serves as a permanent reference for audit trails and verification.
Consent & Disclosure
Before signing, users are presented with a consent statement and a link to the full Consumer Consent Disclosure, ensuring informed agreement.