Security & Compliance

Last updated February 25th, 2025

Aidansforms is committed to ensuring that Aidansforms is continuously available and keeps your data secure. Aidansforms uses a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss.

Security at Aidansforms is directed by Aidansforms's Chief Technology Officer and maintained by our Infrastructure team.

Infrastructure Security and Reliability

Cloud platform security

Aidansforms services are primarily hosted on Google Cloud Platform, providing best-in-class physical and logical security. Therefore, Aidansforms services are built upon secure infrastructure as described in the Google infrastructure security design overview. You can also read further about the security policies and practices behind the operation of Google Cloud Platform in the Google security overview whitepaper.

Reliability

Aidansforms strives to maintain high operational availability of our services platform. You can see the current status and recent availability history at status.aidansform.com.

Business Continuity and Disaster Recovery

Aidansforms's GCP infrastructure is configured for high availability to ensure proper failover in case of a zone failure. Daily encrypted backups are kept in GCP. While never expected, we are prepared to restore data from backups in the event of a production data loss. Aidansforms performs regular technical and procedural testing of our disaster recovery plan.

Data Security and Privacy

End-user data

In all scenarios regarding our users' data, Aidansforms is GDPR-, CCPA-, and Data Privacy Framework-compliant.

Data encryption

Data is encrypted in transit and at rest. Aidansforms uses HTTPS to encrypt data in transit and encrypts data at rest using industry-standard encryption algorithms, including AES-256 or greater.

Data removal

User data is immediately scheduled for timely deletion upon deletion of a user profile or account. To ensure they are authorized to do so, users must delete their accounts from within the Aidansforms user interface. Once a user profile or account is deleted, a job is initiated to delete any corresponding records stored by a subprocessor.

Application Security

Multi-factor authentication

Individual user profiles can enable multi-factor authentication (MFA) to add an extra layer of security to their accounts. MFA requires users to provide two or more verification factors to access their accounts, such as a time-based one-time password (TOTP) or backup key, in addition to a password. Additional factors are also required when logging in via the Aidansforms or EAS CLIs.

Note that Aidansforms staff are unable to bypass the additional login factors to recover an account with MFA enabled where the MFA device or one-time codes have been lost.

Single sign-on

Organizations with Enterprise plans can enable single sign-on (SSO) to allow their users to log in to Aidansforms using their existing identity provider. This allows organizations to manage their users' access to Aidansforms using their existing identity management system. Supported identity providers include Okta, OneLogin, Google, and Microsoft Entra ID.

Audit logging

Audit logs of administrative activities are available for all paid subscribers. These logs include information about users added and removed, API tokens generated, changes to build and deploy credentials, and other actions.

Security Policies

Aidansforms maintains security policies, which are reviewed annually and updated regularly. These policies include:

  • Asset Management
  • Data Protection
  • Data Retention
  • Information Security
  • Incident Response
  • Risk Assessment
  • Software Development Life Cycle
  • System Access Control
  • Vendor Management
  • Vulnerability Management

Aidansforms conducts background checks for all new personnel and requires annual security training.

Vulnerability Disclosure

Vulnerabilities and security concerns related to Aidansforms tools can be reported to security-reports@aidansform.com. Be sure to include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures seriously and will respond to valid reports as we verify the vulnerability and develop a fix.

Be aware that our bug bounties are typically reserved for confirmed reports of vulnerabilities that are comparable in severity to RCE.