Formfy Security & Compliance: Enterprise-Grade Protection for Your Data

Security Built from the Ground Up

Formfy was built with security as a core principle, not an afterthought. We implement industry-standard encryption, comprehensive audit trails, and compliance frameworks to protect your sensitive documents and client data.

Legal Compliance

ESIGN Act (United States)

Formfy e-signatures fully comply with the Electronic Signatures in Global and National Commerce Act, making them legally equivalent to handwritten signatures for most documents.

UETA (State-Level US)

Compliant with the Uniform Electronic Transactions Act adopted by 47 US states, ensuring e-signatures are valid for contracts and agreements.

eIDAS (European Union)

Formfy supports Standard Electronic Signatures (SES) under eIDAS regulation, providing legal validity across all EU member states.

GDPR (Data Protection)

Full GDPR compliance with data subject rights, consent management, data portability, and right to erasure for EU users.

Security Features

256-bit AES Encryption

All documents encrypted at rest using AES-256, the same standard used by banks and government agencies.

TLS 1.3 In Transit

All data transmitted using the latest TLS 1.3 protocol, preventing interception and man-in-the-middle attacks.

Complete Audit Trails

Every action logged with timestamps, IP addresses, device information, and user identification. Immutable records for legal purposes.

Secure Authentication

Email verification, optional two-factor authentication, and secure session management protect account access.

Audit Trail Contents

Every signature in Formfy captures:

  • Signer email address
  • IP address at time of signing
  • UTC timestamp
  • Browser and device information
  • Geolocation (if permitted)
  • Document hash (SHA-256)
  • Signature image capture
  • Consent acknowledgment

Frequently Asked Questions

Is Formfy HIPAA compliant?

Formfy implements technical safeguards required for HIPAA compliance including encryption, access controls, and audit logging. Healthcare organizations should contact us for a Business Associate Agreement (BAA) for full HIPAA compliance.

Does Formfy meet GDPR requirements?

Yes. Formfy supports GDPR compliance with data processing controls, right to deletion, data export capabilities, and clear consent mechanisms. EU user data can be stored in compliant infrastructure.

How does Formfy protect sensitive documents?

All documents are protected with 256-bit AES encryption at rest and TLS 1.3 in transit. Access requires authentication, and all actions are logged with timestamps, IP addresses, and user identification.

Are Formfy e-signatures legally binding?

Yes. Formfy e-signatures comply with the ESIGN Act (US), UETA (state-level US), and eIDAS (EU). Documents include complete audit trails making them admissible in court proceedings.

What audit trail information does Formfy capture?

Every signature captures: signer email, IP address, timestamp (UTC), device/browser information, geolocation (if permitted), and a cryptographic hash of the signed document. This creates an irrefutable record.

Security Questions?

Our team is happy to discuss your specific compliance requirements.

Contact Security TeamStart Free Trial

Related Comparisons

Formfy vs DocuSignFormfy for HR TeamsAll-in-One Platform