Security at Kiwiform
At Kiwiform, we treat your data with the same level of security we expect for our own. Our security framework is built on industry-standard protocols and a "Zero Trust" architecture.
Core Security Architecture
We secure data at every stage: from the moment a respondent types a character to the moment you export your results.
Data Encryption
In Transit: All data sent between our servers and your users is encrypted using TLS 1.3 (Transport Layer Security). This prevents "Man-in-the-Middle" attacks.
At Rest: All data stored in our databases is encrypted using AES-256, the global gold standard for data encryption. Even if a physical disk were stolen from a data center, the data would be unreadable.
Infrastructure & Hosting
Global Resilience: We host our infrastructure on Tier-1 providers (AWS/DigitalOcean). These data centers are SOC 2 Type II and ISO 27001 certified.
EU Sovereignty: For users requiring GDPR compliance, we offer dedicated data hosting within the European Union to ensure data never leaves the region.
Network Defense: We use enterprise-grade Web Application Firewalls (WAF) and DDoS protection to block malicious traffic and "bot" attacks before they reach your forms.
Payment Security (Polar.sh)
By using Polar.sh as our Merchant of Record:
PCI Compliance: Kiwiform never sees, handles, or stores your credit card information.
Secure Checkout: All payment processing is handled in a PCI-DSS Level 1 compliant environment.
Feature-Specific Security
Partial Submissions: Data captured during the typing process is treated with the same encryption standards as final submissions. We use "secure nonces" to ensure that only the rightful form owner can access these entries.
AI Translation: We use the OpenAI API in a "Zero Retention" mode where possible. Your form questions are sent for translation, but they are not used to train global AI models.
Access Control
Role-Based Access: Internally, Mythics Design LLP follows the "Principle of Least Privilege." Only a tiny number of authorized engineers can access the production environment, and only for maintenance.
Multi-Factor Authentication (MFA): We strongly encourage all Kiwiform users to enable MFA on their accounts to prevent unauthorized access.
Reliability & Backups
Daily Backups: We perform automated daily backups of all databases.
Disaster Recovery: Our "Point-in-Time Recovery" (PITR) allows us to restore data to a specific second in the event of a critical failure.
Uptime Monitoring: We monitor our systems 24/7. You can check our status at any time [Insert Link to Status Page].