Security & trust

Your data, locked down by default.

Formeze remembers the information you choose to save, so it’s built to treat that information as sensitive at every step: encrypted on disk, protected in transit, and never used in ways you didn’t ask for.

AES-256-GCM at rest
TLS in transit
bcrypt cost 12
In-house AI
Formeze

How we think about it

Three commitments shape every security decision behind Formeze.

/01

Encrypt by default

Every saved value is encrypted before it touches the database.

Field values aren't stored in plain text. Each one is encrypted with AES-256-GCM — authenticated encryption that also detects tampering — before it's written to storage.

/02

Keep you in control

Formeze never submits a form on your behalf.

Autofill is a review loop, not an autopilot. You see what was matched and what needs a second look, and you can export or delete everything you've saved at any time.

/03

Stay in-house

Your data isn't handed to third-party AI providers.

Every part of our AI — from semantic matching to optional AI-assisted formatting — runs on independent models on our own servers. Your saved values are never sent to an outside AI provider, and we never sell or resell your personal data.

The practices

What that looks like in the product.

The specifics behind the promise — the encryption, hashing, and access controls that protect your account and your saved data.

/01

Encryption at rest

Saved field values are encrypted with AES-256-GCM. Every record gets a fresh random initialization vector and an authentication tag, so stored data can't be silently altered.

AES-256-GCMPer-record IVTamper detection
/02

Encryption in transit

All traffic between your browser or extension and our servers travels over TLS. Your data is protected on the wire as well as on disk.

TLS everywhereBrowser & extensionPDF uploads
/03

Password protection

Passwords are hashed with bcrypt at cost factor 12 — never stored in plain text. Sign-in uses constant-time checks so attackers can't probe which emails have accounts.

bcrypt (cost 12)No plaintextEnumeration-resistant
/04

Hardened account flows

Email verification and password resets use cryptographically random tokens that are single-use and expire after one hour, limiting the window for misuse.

Single-use tokens1-hour expiryCryptographic RNG
/05

In-house intelligence

Both semantic matching and optional AI-assisted formatting run on independent models hosted on our own infrastructure. Your saved values are never sent to outside AI providers, and we never sell your data.

On-server modelsNo third-party AINo data resale
/06

Review before submit

Confidence states flag sensitive or uncertain fields so you can verify them before anything leaves the page. Formeze fills — you decide what to submit.

Confidence statesSensitive-field flagsNever auto-submits
/07

Your data, your call

Export or delete everything you've stored straight from account settings. Deleting your account permanently removes your fields, embeddings, and usage history.

One-click exportDelete anytimeFull account purge
/08

Key separation

The encryption key lives apart from the database, and the encrypted format is versioned so keys can be rotated without losing access to existing data.

Separate key storeVersioned formatRotation-ready

Questions?

Found something, or want to know more?

If you have a security question or want to report a vulnerability, we want to hear from you.