Trust Center

Start your security review
Search items
ControlK

Keeping your data secure, confidential, and readily accessible are our greatest priorities. Formal's industry-leading cybersecurity program is based on the concept of Defense in Depth: securing our organization and your data at every layer.

While no system can guard against every potential threat, Formal's defensive line is advanced and monitored 24/7, 365 days a year by skilled, highly trained professionals.

The focus of Formal’s cybersecurity program is to prevent unauthorised access to customer data. To this end, our team take specific steps to identify and mitigate risks, implement best practices, and continuously develop ways to improve.

Security Overview:

Data encrypted at rest and in transit. We use AWS RDS to manage our Postgres database. Our data is encrypted at rest and in transit with the industry-standard AES-256 encryption algorithm. Data Durability. All database data is backed up automatically once a day. That data is stored in 3 availability zones for data redundancy. Secrets, passwords, and API Keys are securely stored and encrypted thanks to AWS Secret Manager. All secrets are rotated once a month.

Documents

HIPAA

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo