Encrypted in transit & at rest · EU-hosted

Secure forms, in plain English

Some answers are too sensitive to leave lying around. Secure forms protect what people tell you — while it travels, while it’s stored, and (when you need it) so completely that not even we can read it. Here’s exactly what that means — for everyone in the room.

Written for two readers.Read the bold lines for the plain-English version. Each one comes with anUnder the hoodnote that spells out the exact technology — so the person who has to sign off and the engineer who has to trust it can both find their answer on the same page.

What makes a form secure?

Locked while it travels

From the moment someone hits submit, their answers are sealed on the wire — nobody between their device and us can read them.

Under the hood

Every form and API request is served over HTTPS with TLS 1.2+ and HSTS. There is no unencrypted path to the form.

Locked where it’s stored

Responses don’t sit in plain text on a hard drive somewhere. They’re encrypted while stored, on servers in Europe.

Under the hood

Data is encrypted at rest with AES-256 and hosted in the EU by default — your responses never leave the EU.

Seen only by your people

You decide who on your team can open responses. Nobody else gets a look in.

Under the hood

Role-based access controls, SAML single sign-on (Business), and daily backups. Infrastructure is SOC 2 Type II and ISO 27001 certified.

So private even we can’t read it

For the answers that truly can’t leak, turn on end-to-end encryption. They’re locked on the visitor’s own device, and only you hold the key to open them.

Under the hood

Optional end-to-end encryption with OpenPGP: responses are encrypted in the respondent’s browser to your public key (Curve25519, RFC 9580). We store only ciphertext we cannot decrypt.

How encrypted forms work →

How secure does your form need to be?

Not every form needs a vault. Match the protection to the data — here’s a simple way to decide.

01Everyday forms

Contact forms, newsletter sign-ups, surveys, event RSVPs.

Standard protection — on by default for every form.

HTTPS in transit, AES-256 at rest, EU hosting. Nothing to configure.

02Sensitive data

Personal details, job applications, customer or patient info, anything covered by privacy law.

Add access controls and a data processing agreement.

Lock down who can read responses, keep data in the EU, and sign a GDPR DPA.

03Highly confidential

Whistleblowing, legal intake, medical records, financial disclosures.

Turn on end-to-end encryption.

Answers are encrypted on the respondent’s device to your key — not even we can read them.

Secure forms vs encrypted forms

They’re related, not the same. Secure forms is the umbrella — strong, sensible protection on every form you build. Encrypted forms is the strongest tier inside it: true end-to-end encryption, where the answers are locked on the respondent’s device and only you hold the key to open them.

Most forms only need the umbrella. Reach for end-to-end when a leak would be unacceptable — and read exactly how it works on the encrypted forms page.

Where your data lives, and the paperwork to prove it

EU data residency

Hosted in the European Union by default. Your data does not leave the EU.

GDPR compliant

Compliant by default, with a Data Processing Agreement available on request.

Certified infrastructure

Runs on SOC 2 Type II and ISO 27001 certified infrastructure, with daily backups.

Questions people actually ask

Are my responses encrypted?+

Yes. Every response is encrypted in transit (TLS 1.2+) and encrypted at rest (AES-256). For the most sensitive forms you can also switch on end-to-end encryption, which encrypts answers in the visitor’s browser before they ever reach us.

Can formformform employees read my responses?+

For a standard form, access is limited by strict internal controls — but as the data processor, our systems can technically process the data to run the service. For an end-to-end encrypted form, the answer is a flat no: we only ever hold ciphertext, and we don’t have the key to decrypt it. Only you do.

Where is my data stored?+

In the European Union by default, on infrastructure certified to SOC 2 Type II and ISO 27001. Your data does not leave the EU. Backups run daily.

What’s the difference between secure forms and encrypted forms?+

“Secure forms” is the umbrella: strong, sensible protection on every form you build — in transit, at rest, and by access control. “Encrypted forms” is the strongest tier within it — true end-to-end encryption where only you hold the key. Most forms only need the former; reach for the latter when a leak would be unacceptable.

Is this GDPR compliant?+

Yes. formformform is GDPR compliant by default, with EU data residency and a Data Processing Agreement available. See the GDPR page for the details.

Do I need to be technical to set this up?+

No. Standard protection is on automatically — you don’t touch a setting. End-to-end encryption is a single toggle that generates your keys for you; the only job it asks of you is to keep your private key safe, like the key to a safe.

Keep reading

Collect sensitive data with confidence

Standard protection is on from your very first form. Turn on end-to-end encryption the moment you need it. Free to start.

Start for free