Security, SSO & Compliance — Built In
Deploy FormFlow across your organisation with single sign-on, audit trails, and enterprise-grade data governance. Trusted by 340+ companies processing over 12 million form submissions annually.
Meet Your Compliance Obligations Out of the Box
FormFlow is independently audited and certified against the standards your legal and procurement teams require. Every form submission is encrypted in transit (TLS 1.3) and at rest (AES-256), with data residency options across EU, US, and APAC regions.
GDPR & UK GDPR
Full data subject access request (DSAR) workflow, right-to-erasure tooling, and a Data Processing Agreement (DPA) included at every plan tier. Processing activities mapped to Article 30 records since 2021.
CCPA / CPRA
Automated "Do Not Sell/Share" signal handling, consumer request intake forms, and 45-day response SLA tracking. Certified by OneTrust's CCPA compliance assessment in Q4 2023.
SOC 2 Type II
Annual audit by BSR Consulting covering Security, Availability, and Confidentiality trust service criteria. Zero critical or high findings across the last three consecutive audit cycles.
HIPAA BAA
Available for US healthcare customers. Covered Entity–Business Associate Agreement included. PHI is isolated in dedicated tenant environments with enhanced access logging and field-level encryption.
ISO 27001:2022
Certified information security management system (ISMS) covering all FormFlow development, hosting, and support operations. Certificate maintained by DNV since March 2022.
21 CFR Part 11
Electronic records and electronic signatures compliant with FDA requirements. Full audit trail with immutable timestamps, reason-for-change fields, and signature binding on every submission.
Guarantees Your IT Team Can Rely On
Enterprise plans include a legally binding SLA with measurable uptime, response-time commitments, and a dedicated customer success engineer. Below is what we guarantee — not what we hope for.
99.99% Platform Uptime
Measured monthly across all FormFlow API endpoints and form-rendering infrastructure. Downtime credit calculated pro-rata and issued automatically — no ticket required. 2024 actual: 99.997%.
Priority Support Response
Critical severity (P1) issues acknowledged within 15 minutes, 24/7/365. Standard issues (P2) within 1 business hour during extended support windows (06:00–22:00 UTC). Dedicated Slack channel available.
SSO & Provisioning
SAML 2.0 and SCIM 2.0 support for Okta, Azure AD, and Ping Identity. Just-in-time provisioning, automated de-provisioning on offboarding, and role-based access synced from your IdP in under 60 seconds.
Data Retention & Export
Configurable retention policies from 90 days to indefinite. Bulk export in JSON, CSV, or XLSX via API or scheduled delivery to S3, Azure Blob, or Google Cloud Storage. Immutable audit logs retained for 7 years minimum.
Dedicated Customer Success
Named account manager and solutions engineer assigned to your organisation. Quarterly business reviews, onboarding workshops, and a shared Confluence space for documentation and runbooks.
Custom Subdomain & Branding
Host forms on your own domain (e.g., forms.yourcompany.com) with your TLS certificates. White-label experience with custom CSS, logos, and favicons — no "Powered by FormFlow" attribution.
What Our Enterprise Customers Say
Meridian Health Systems
"We replaced three legacy form tools with FormFlow after the SOC 2 and HIPAA reviews cleared it. SSO integration with our Azure AD took less than a day, and our compliance team signed off in one meeting." — Diana Okoro, VP of Digital Operations, Meridian Health Systems (4,200 employees)
Northgate Financial Group
"Our procurement process required a DPA, data residency in the EU, and an audit trail for every submission. FormFlow delivered all three without custom engineering. We went live across 14 offices in six weeks." — James Whitfield, Head of IT Security, Northgate Financial Group
City of Portland — IT Department
"FormFlow's 21 CFR Part 11 compliance and field-level encryption met our public-sector data handling standards. The dedicated support channel and quarterly reviews give us confidence we won't be left stranded." — Sarah Lin, Director of Application Services, City of Portland
Talk to Our Enterprise Sales Team
Every enterprise engagement starts with a security review and a personalised onboarding plan. We'll walk you through SSO configuration, data residency options, and a proof-of-concept build tailored to your workflows.
Typical response time: under 4 business hours. Average time-to-go-live for enterprise customers: 3–5 weeks.