Encrypted, end to end.
Every byte on the wire uses TLS 1.2 or greater. Your respondents are protected from the very first keystroke — no upgrade required.
Strong security built into every plan — TLS encryption, hashed IPs, server-side upload validation, and plan limits enforced on every API call.
Every byte on the wire uses TLS 1.2 or greater. Your respondents are protected from the very first keystroke — no upgrade required.
Every upload is checked on our servers — type, extension, and size — and anything unexpected (ZIP, EXE…) is rejected. Files are stored on private server storage, never listed or indexed.
Raw IP addresses are never persisted. We hash on the way in — so what we hold isn't traceable back to your respondents.
Plan limits, permissions, and access controls all run on our servers. Client-side gating is cosmetic only.
Your form data is never used to train AI models, and never sold or shared with third parties. Ever.
Every form and its responses are private until you invite someone. Add collaborators to a form by email — they can edit it and see its responses — and revoke access any time.
Talk to securityDelete any response and it’s permanently removed within 24 hours; delete a form or your account and every response and uploaded file goes with it.
See the responses viewOur security practices already follow SOC 2 Type 2 standards. We are working toward formal certification — and happy to share our current security posture with your team.
Request our security overviewA platform you can hand to your security team without a long checklist of caveats. Hashed IPs, server-side enforcement, no training on your data.
Read our security overviewGDPR- and CCPA-aligned: hashed IPs, response and account deletion on demand, and a custom DPA on Enterprise. Working toward SOC 2 Type 2.
See compliance detailsCollect sensitive applications and surveys with confidence — server-side upload validation, hashed IPs, and per-form access keep the data tight.
See HR templatesStart on the free plan — every protection above is on by default. Talk to us about a custom DPA and dedicated support on Enterprise.