Your formulas are your business. We protect them with encryption, access controls, vendor-audited infrastructure, and clear data practices.
Formuley runs on managed infrastructure covered by vendor SOC 2 Type II reports, including our hosting and managed data services. We pair that vendor assurance with product controls like encryption, role-based access, backups, and audit logging.
All your data is encrypted both at rest and in transit:
What this means: We use standard encryption controls to protect stored data and data sent between your browser and Formuley.
Your formulas are yours alone:
What this means: Other customers cannot access your data, and internal access is limited to authorized personnel when required to operate or support the service.
Formuley runs on managed cloud infrastructure with layered protections:
What this means: Your data is hosted on managed cloud services with standard physical, network, and operational safeguards. Our primary production hosting is in the United States today.
Multiple layers protect your account:
What this means: Only you (and team members you explicitly authorize) can access your account.
Advanced security controls for teams and organizations:
Assisted identity-provider onboarding for organizations with stricter access requirements
Restrict platform access to approved IP addresses and ranges
Define granular permissions for every role on your team
Time-based one-time passwords for an additional layer of protection
Complete history of every action taken, retained for over 7 years
View active sessions and sign out all devices remotely
Your work is protected:
What this means: Backups help us recover from operational incidents and may help with some support requests, but deleted accounts are removed from active systems promptly and restoration is not guaranteed.
We follow industry best practices:
We support export, correction, and deletion requests. Contractual privacy terms such as a DPA are available for eligible business and enterprise agreements.
Data is hosted in the US region using vendors with audited security controls, including Supabase and AWS infrastructure.
EU data residency option is planned and coming soon for organizations that require data to remain within the European Union.
Coming SoonWe're committed to never:
We make money from subscriptions—not your data.
You have complete control over your data:
Export account, workspace, AI, and marketing data from settings
Delete your account and active-system data permanently
Request security or fraud data through a verified manual process
Update or correct your information
Withdraw separate marketing consent without affecting service access
To exercise these rights, visit your account settings or contact us at support@formuley.io
Self-serve exports do not include security or fraud-prevention logs. Those are handled through verified manual privacy requests.
If you believe you've found a security vulnerability in Formuley, we want to hear from you.
Please email security@formuley.io with details. We commit to acknowledging your report within 48 hours and working with you toward a resolution.
Our commitment: We do not pursue legal action against good-faith security researchers who follow responsible disclosure practices.
Need a DPA, security questionnaire, subprocessor list, or uptime documentation for customer review? We can help your procurement process move faster without overstating what is live today, including current US hosting posture and available SCC/DPA paperwork where applicable.
Have security questions, procurement requirements, or customer review needs? We're here to help.
Contact usWe review security and procurement requests on business days
Last updated: March 24, 2026
