NodumForms for Security-led Teams

Your data,
protected by default.

Enterprise-grade security built into every plan — TLS encryption, hashed IPs, private file storage, and server-side enforcement on every API call.

Try for freeTalk to security
Ada Lovelace · ada@analytic-engine.org
Field: First name · "Augusta"
Field: IP · 203.0.113.42
Field: Card · 4242 4242 4242 4242
Field: Notes · "send the report quietly"
Hashing IPs, encrypting payload…

Secure by default,
on every plan.

Encrypted, end to end.

Every byte on the wire uses TLS 1.2 or greater. Your respondents are protected from the very first keystroke — no upgrade required.

Browser
Your respondent
NodumForms
Your workspace
TLS 1.2+ · End-to-end encrypted

Private file storage.

Uploads live in private buckets with no public URLs. Only authenticated calls from inside your workspace can ever reach them.

Private bucket
No public URLs
PDF
report.pdf
Authenticated access only
PNG
avatar.png
Authenticated access only
CSV
data.csv
Authenticated access only
ZIP
backup.zip
Authenticated access only

Hashed IPs.

Raw IP addresses are never persisted. We hash on the way in — so what we hold isn't traceable back to your respondents.

Raw IP address
203.0.113.42
SHA-256
Stored hash

Server-side enforcement.

Plan limits, permissions, and access controls all run on our servers. Client-side gating is cosmetic only.

API Request Pipeline
Auth verified
Plan limits checked
Rate limited
Input sanitized
Client-side gating is cosmetic only — server enforces everything.

No data training.

Your form data is never used to train AI models, and never sold or shared with third parties. Ever.

No training. No sharing.
Your form data is never used to train AI models or shared with third parties.
✓ Zero data training
✓ No third-party sharing
✓ Your data only

Responses stay private.
Share only what you choose.

Access controls

Private by default.
Shared on your terms.

Every form and its responses are private until you invite someone. Grant owners, editors, or view-only access per person — and revoke it any time.

Talk to security
Who can see this form
Private to workspace
A
Alex Kim
alex@corp.io
Owner
M
Mia Reyes
mia@corp.io
Editor
T
Tom Bright
tom@corp.io
Owner
Invite by email…
Invite
Responses are private — only invited members can view them.
Identity

SSO and SAML,
on the platform you trust.

Enterprise plans include SAML SSO with the identity provider your team already uses — Okta, Azure AD, Google, OneLogin. Provisioning and deprovisioning stay in sync.

See Enterprise plans
Single sign-on (SAML)
Ok
Okta
Not configured
Az
Azure AD
Not configured
G
Google
Not configured
OL
OneLogin
Not configured
Enterprise plan · SAML 2.0 · SCIM provisioning available
Retention

Keep what you need.
Delete the rest.

Set workspace-wide retention windows for responses and uploads. Delete on demand, on a schedule, or never — your data, your call.

How retention works
Response Retention
Delete responses after
Applies workspace-wide. Exported data is not affected.
Never
2 years
1 year
90 days
30 days
7 days
✓ Compliant with GDPR right-to-erasure requirements.
Compliance

Working toward SOC 2,
already aligned.

Our security practices already follow SOC 2 Type 2 standards. We are working toward formal certification — and happy to share our current security posture with your team.

Request our security overview
Security & Compliance
SOC 2 Type 2
In progress
GDPR
Aligned
CCPA
Aligned
TLS 1.2+
Active
IP Hashing
Active

Designed to be trusted
by every type of team.

Security & IT

A platform you can hand to your security team without a long checklist of caveats. Hashed IPs, server-side enforcement, no training on your data.

Read our security overview

Legal & Compliance

GDPR- and CCPA-aligned, with consent prompts built in and retention controls at the workspace level. Working toward SOC 2 Type 2.

See compliance details

People & HR

Collect sensitive applications and surveys with confidence — private file storage, audit logs, and granular access controls keep the data tight.

See HR templates

Security that ships
with every form.

Start on the free plan — every protection above is on by default. Talk to us when you’re ready for SSO, audit logs, and SOC 2.

Try for freeTalk to security