Overview
Formal is a technology company with the mission of helping companies have zero data breaches.
We build a security and governance layer for enterprises' data stores such as Postgres, S3, Kafka, and more.
Our experience working closely with companies that handle sensitive data in industries like fintech and health tech made us realize that most CSOs, DPOs, and CTOs do not have visibility into how data is produced, used, and consumed. This is the leading cause of data breaches, lack of control, and unmet regulatory requirements.
Therefore, Formal is a solution to bring data observability and governance to any company and abstract the technical complexity of such monitoring to decrease their data breach and compliance burden.
Security Overview:
- Data encrypted at rest and in transit. We use AWS RDS to manage our Postgres database. Our data is encrypted at rest and in transit with the industry-standard AES-256 encryption algorithm.
- Data Durability. All database data is backed up automatically once a day. That data is stored in 3 availability zones for data redundancy.
- Secrets, passwords, and API keys are securely stored and encrypted with AWS Secrets Manager. All secrets are rotated once a month.
Compliance
We adhere to industry best practices and we are working towards compliance certifications.
Documents
Risk Profile
Product Security
Reports
We may provide security-related reports upon request.
Self-Assessments
We are working on our security compliance. We can provide completed questionnaires upon request.
Data Security
App Security
Access Control
Infrastructure
Endpoint Security
We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.
Corporate Security
We implement internal measures and practices to maintain a high standard of security.