Security & compliance
Your data and your clients’ data are protected at every level — so you can focus on collecting responses, not worrying about them.
Protection at every layer
Data security
Encrypted everywhere
At rest (AES-256) and in transit (TLS 1.2+).
Row-level security
Tenant isolation — no cross-organization access.
Regular audits
Ongoing security review of the platform.
Email security
SPF · DKIM · DMARC
Authenticated on mail.formailo.com.
Amazon SES
Reliable, reputable delivery infrastructure.
Bounce & complaint monitoring
Continuous deliverability tracking.
Access control
- ✓ JWT-based authentication
- ✓ Role-based access (owner, admin, member)
- ✓ Organization-level data isolation
Compliance
- ✓ GDPR compliant
- ✓ Privacy Policy & Terms of Service published
Abuse protection
- ✓ Auto-pause for high bounce / complaint rates
- ✓ Rate limiting on all endpoints
- ✓ Global kill switch for emergencies
Security questions? security@formailo.com
Security questions, answered
Yes. Row-level security enforces per-tenant isolation — your forms, responses and contacts are never accessible to another organization.
SPF, DKIM and DMARC are configured on mail.formailo.com, and all email is sent through Amazon SES for reliable, authenticated delivery.
Yes — data is processed in line with GDPR, and you can export or delete your data at any time. Privacy Policy and Terms of Service are published.
High bounce/complaint rates trigger automatic account pausing, all endpoints are rate-limited, and a global kill switch lets us stop sending instantly if needed.
JWT-based authentication with role-based access (owner, admin, member) and organization-level data isolation.