Security Policy

Last updated: January 6, 2025

Security at FormBridge

FormBridge takes security seriously. We implement multiple layers of security to protect your data and ensure the integrity of our platform.

Data Encryption

  • In Transit: All data is transmitted over HTTPS using TLS 1.2 or higher
  • At Rest: Sensitive data is encrypted using AES-256
  • Database: DynamoDB encryption enabled by default

Authentication & Authorization

  • HMAC-SHA256 signatures for request verification
  • API key management with rotation capabilities
  • IAM (Identity and Access Management) controls
  • Rate limiting and DDoS protection

Infrastructure Security

  • AWS-managed serverless services (Lambda, DynamoDB, API Gateway)
  • Automatic security patches and updates
  • VPC isolation and private subnets
  • CloudTrail logging for audit trails

Compliance

  • GDPR compliant
  • AWS SOC 2 Type II certified
  • Regular security audits
  • Incident response procedures

Data Retention

Users can delete their data at any time. FormBridge retains form submissions according to user preferences, with options for automatic deletion after a specified period.

Security Updates

We continuously monitor for vulnerabilities and apply patches promptly. Critical security updates are deployed immediately, and regular security assessments are conducted.

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to:

om.deshpande@mitwpu.edu.in

Please do not publicly disclose the vulnerability until we have had a chance to address it.

Third-Party Security

FormBridge uses AWS-managed services exclusively. AWS undergoes regular security audits and complies with major security standards including ISO 27001, SOC 2, PCI DSS, and more.