End-to-end encryption
All data encrypted with AES-256 at rest and TLS 1.3 in transit. Backups are encrypted too, in geographically distributed locations.
SECURITY — ALL SYSTEMS SECURE
Boring by design. Safe by default.
Your data is protected by industry-leading practices and infrastructure — encrypted, audited, and monitored around the clock. The most uneventful page on this site, on purpose.
0%UPTIME SLA
AES-0ENCRYPTION AT REST
24/7THREAT MONITORING
0everDATA BREACHES
- APPOPERATIONAL
- APIOPERATIONAL
- AI PIPELINEOPERATIONAL
- CALENDAR SYNCOPERATIONAL
THE PRACTICES
Six locks, no theater.
Secure authentication
OAuth 2.0 and SAML SSO, two-factor authentication, and hardware-key support for the truly careful.
Hardened infrastructure
Hosted on SOC 2 Type II certified cloud infrastructure with regular security audits and penetration testing.
Access controls
Role-based permissions with granular workspace controls — people see exactly what their role needs, nothing more.
Audit logging
Complete activity logs for compliance and forensics. Every meaningful action leaves a verifiable trail.
Threat detection
A 24/7 security operations watch with automated threat detection and established response protocols.
COMPLIANCE
Stamped and audited.
SOC 2 Type IICERTIFIED
GDPRCOMPLIANT
CCPACOMPLIANT
ISO 27001IN PROGRESS
VENDORS HANDLING CUSTOMER DATA MUST HOLD SOC 2 OR EQUIVALENT · PEN-TESTED REGULARLY
RESPONSIBLE DISCLOSURE
Found something? Tell us first.
We respond to verified vulnerability reports within 48 hours and credit researchers who help keep Formilist calm — and safe.