Compliance
Built for regulated teams: HIPAA, GDPR, encryption, access controls, and auditable operations.
HIPAA
We support Business Associate Agreements (BAA) for covered entities and business associates collecting PHI. Access controls, least privilege, audit logging, and secure transfer are enforced.
GDPR
Data Processing Addendum (DPA), data subject rights tooling (access, erasure, export), and regional data residency options. Subprocessors are reviewed and listed publicly.
Encryption
Encryption in transit (TLS 1.2+) and at rest (AES‑256). Secrets stored in a dedicated KMS with strict rotation policies. Backups encrypted and tested.
Access controls
Role‑based access control (RBAC), SSO (SAML/Google), SCIM provisioning, and granular permissions for forms, submissions, and workflows.
Audit & retention
Comprehensive audit logs for admin actions and data access. Configurable retention schedules and export capabilities.
Documents
- Data Processing Addendum (DPA)
- HIPAA BAA (upon request)
- Subprocessors list
- Incident response policy
- Business continuity & disaster recovery
Contact security
Need a security review, questionnaire, or copies of our policies? Our team can help.