SECURITY & PRIVACY

Your data is yours.

CleverForms is built on the assumption that form response data is sensitive. Here’s exactly how we protect it.

01
Encryption in transit & at rest

All data is encrypted over TLS 1.2+. Data at rest is encrypted using AES-256. File uploads are stored with per-object encryption keys.

02
Access controls

Form responses are only accessible to the account that owns the form. API keys are scoped and can be revoked at any time. No CleverForms employees access your data without your explicit request.

03
GDPR compliance

CleverForms is GDPR-ready. You control what data you collect. Respondents can request deletion. We process data under a Data Processing Agreement available on request.

04
Data minimization

We only store what your forms collect. Session analytics track field interactions without storing personally identifiable information by default.

05
Infrastructure

Hosted on SOC 2 Type II certified infrastructure. Automated backups with point-in-time recovery. 99.9% uptime SLA on Business plan.

06
Responsible disclosure

Found a vulnerability? Email us at security@stayclever.in. We aim to respond within 48 hours and will credit researchers who report valid issues.

TLS 1.2+ encryption
AES-256 at rest
GDPR ready
SOC 2 infrastructure
HIPAA available
99.9% uptime SLA
COMMON QUESTIONS
Where is my data stored?
Data is stored in the EU (AWS eu-west-1) by default. US-region storage is available on the Business plan.
Can respondents request their data be deleted?
Yes. You can delete individual responses from the dashboard, which removes all associated data and uploaded files. Bulk deletion is also available.
Do you sell or share form response data?
No. Your form response data is never sold or shared with third parties. We use aggregate, anonymized usage data to improve the product.
Is CleverForms HIPAA compliant?
HIPAA-ready data handling — including Business Associate Agreements — is available on the Business plan. Contact us to get started.
How are API keys secured?
API keys are hashed before storage. The full key is only shown once at creation time. You can rotate or revoke any key from the settings page.

Have a security question or concern?

security@stayclever.in