
Formbricks Achieves SOC 2 Type II Compliance


We're excited to announce that Formbricks has achieved SOC 2 Type II compliance! This significant milestone represents our commitment to enterprise-grade security and data protection for organizations that trust us with their experience management data.

What is SOC 2 compliance?

SOC 2 (System and Organization Controls 2) is an attestation framework developed by the American Institute of CPAs (AICPA). An independent auditor evaluates how a service organization protects customer data against up to five Trust Services Criteria:

  • Security: Protection against unauthorized access
  • Availability: System availability for operation and use
  • Processing Integrity: System processing is complete, accurate, and timely
  • Confidentiality: Information designated as confidential is protected
  • Privacy: Personal information is collected, used, retained, and disclosed in accordance with privacy principles

Security is mandatory in every SOC 2 report; the other four criteria are included at the organization's discretion. A Type I report covers the design of controls at a single point in time. A Type II report, such as ours, additionally attests that the controls operated effectively throughout a review period of several months, which is why it is the report enterprise security reviews usually ask for.

Formbricks' SOC 2 journey

Achieving SOC 2 Type II compliance involved a comprehensive audit of our controls, powered by OneLeet:

Security controls

  • Access Management: Multi-factor authentication, role-based access controls, and least-privilege access to production systems
  • Data Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256), including backups
  • Infrastructure Security: Hosted in Germany, with network segmentation, DDoS protection, and container scanning with Trivy
  • Code Quality: Automated static analysis with SonarQube, dependency scanning with Dependabot

Operational excellence

  • Incident Response: Documented procedures for security incidents
  • Change Management: Peer review, CI/CD testing, and strict quality gates on every code change
  • Vendor Management: Rigorous assessment of third-party providers
  • Employee Training: Security awareness and policy review as part of onboarding

Data protection

  • Privacy Controls: Full GDPR and CCPA compliance
  • Audit Logging: Comprehensive tracking of system activities
  • Backup and Recovery: Daily encrypted backups with tested disaster recovery
  • Penetration Testing: Annual independent tests; reports are available via our Trust Center

Open Source, SOC 2 and On-Premises

With SOC 2 Type II compliance and full on-premises support, Formbricks raises the bar for compliance in Experience Management.

With our open-source license, we are proud to provide the security and reliability that regulated industries need not only to large enterprise customers, but to everyone who needs it.

Note that a SOC 2 report attests to the controls of the audited environment, which is Formbricks Cloud. In a self-hosted deployment, the operational controls listed above (access management, encryption at rest, backups, audit logging) run on the operator's infrastructure and are the operator's responsibility; the report does not cover them.

Looking ahead

Security and privacy are not a one-time achievement but an ongoing commitment. We will:

  • Annual Audits: Maintain compliance through regular SOC 2 Type II audits
  • Continuous Improvement: Enhance security controls based on emerging threats
  • Transparency: Provide compliance documentation to enterprise customers via our Trust Center
  • Innovation: Continue developing advanced security features for both Cloud and self-hosted deployments

Get started with Formbricks

Ready to use an experience management platform with enterprise-grade security?

Conclusion

We're proud to provide the security, reliability, and compliance that modern organizations require, while maintaining the open-source transparency and flexibility that make Formbricks the preferred choice for experience management.

For questions about Formbricks' security and compliance, contact us at [email protected] or visit our Trust Center.
