Security you can trust
We handle your form data with the same level of security as financial institutions. From encryption to compliance, security is built into every layer.
Security features
Every layer of Atlas Forms is designed with security in mind
HTTPS/TLS Encryption
All data transmitted to and from Atlas Forms is encrypted using industry-standard TLS 1.3. Every form submission, API call, and webhook delivery is encrypted in transit.
Data Encryption at Rest
Your form submissions and uploaded files are encrypted at rest using AES-256 encryption. Database backups are encrypted and stored securely with geographic redundancy.
SOC 2 Compliance
We are actively pursuing SOC 2 Type II certification to ensure our security controls meet the highest industry standards for data protection, availability, and confidentiality.
GDPR Compliance
Atlas Forms is fully GDPR compliant. We provide data processing agreements, support data deletion requests, and give you full control over your data with export and deletion tools.
Regular Security Audits
We conduct regular internal security audits and penetration testing. Our codebase follows security best practices with automated vulnerability scanning on every deployment.
Secure File Storage
Uploaded files are stored in isolated buckets with signed URLs and time-limited access tokens. Files are scanned for malware and have configurable retention policies.
Built on secure infrastructure
We leverage world-class infrastructure providers to ensure maximum security and reliability
Cloudflare
Global CDN with DDoS protection and WAF
- Edge caching
- DDoS mitigation
- Bot protection
- Zero-trust security
Cloudflare D1
SQLite-based edge database with encryption
- Encrypted database
- Edge-local queries
- Global replication
- Automatic backups
Data handling practices
Transparent policies that put you in control of your data
Data Minimization
We only collect data necessary to provide our service. No tracking pixels, no analytics cookies, no third-party data sharing.
Data Retention
You control how long submissions are stored. Set automatic deletion policies or manually delete data anytime through the dashboard or API.
Data Portability
Export your data anytime in JSON, CSV, or Excel formats. Full API access means you always have programmatic access to your data.
Data Deletion
Request complete account deletion through your dashboard. We permanently delete all data within 30 days, including backups.
Access Controls
Role-based access control with team permissions. API keys are scoped to specific projects with granular permission levels.
Audit Logging
All data access, modifications, and deletions are logged. Available for Business and Enterprise plans.
Responsible disclosure
We take security vulnerabilities seriously
If you discover a security vulnerability in Atlas Forms, we encourage you to report it responsibly. We appreciate your efforts to help us keep Atlas Forms secure.
How to report
Email us at security@atlasforms.app with details of the vulnerability. Please include:
- Description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Your contact information for follow-up questions
- Any proof-of-concept code or screenshots (optional)
We commit to acknowledging your report within 48 hours and will work with you to understand and resolve the issue promptly. We do not currently offer a bug bounty program, but we will publicly acknowledge researchers who responsibly disclose vulnerabilities (with your permission).
Compliance & certifications
Meeting enterprise security requirements
GDPR Compliance
Atlas Forms is fully compliant with the General Data Protection Regulation (GDPR). We provide Data Processing Agreements (DPAs) for all customers and support data subject access requests, right to deletion, and data portability.
SOC 2 Type II (In Progress)
We are actively pursuing SOC 2 Type II certification. Our security controls are designed to meet SOC 2 requirements for security, availability, and confidentiality. Enterprise customers can request our current security documentation.
CCPA Compliance
We comply with the California Consumer Privacy Act (CCPA). California residents have the right to know what personal information we collect, request deletion, and opt-out of any data sales (we never sell your data).
For questions about compliance, security policies, or to request documentation, contact us at compliance@atlasforms.app
Need additional security requirements?
We work with enterprise customers to meet specific security and compliance needs. Custom data residency, dedicated instances, SSO, and more.