We protect formula IP, supplier data, account data, and AI workflows with encryption, access controls, managed infrastructure, and clear customer data rights.
At a glance
Formula IP, supplier specs, cost data, documents, account access, billing flows, support activity, and customer exports.
Encryption, role-based permissions, vendor-managed infrastructure, and logged internal access.
Export data, request deletion, manage marketing consent, and contact security or privacy directly.
Formuley runs on managed hosting and data services with vendor security evidence available for procurement review. Formuley is not currently claiming its own SOC 2 certification. We pair vendor assurance with product controls like encryption, role-based access, backups, and audit logging.
Formula IP Protection
Most teams do not need customer-operated on-prem to protect proprietary formulas. Formuley starts with privacy-safe product controls, then scopes dedicated infrastructure only when an enterprise security requirement truly needs it.
Exact percentages, supplier-specific records, SKU details, costs, margins, and launch timing are treated as restricted customer data.
Supplier-facing workflows exclude private formulas, percentages, costs, margins, customer lists, lab notes, and launch timing unless you explicitly share a specific artifact.
Sensitive formula, supplier, batch, document, and cost context is blocked from external AI by default and can be routed through private-lane or no-external-AI policies.
Secure deployment path
Enterprise customers can request stricter AI policies, no-external-AI posture, dedicated deployment, or customer-managed private cloud review by agreement.
Now
Security packet, supplier-safe data boundaries, metadata-only AI logging, private-lane controls, DPA review, exports, deletion, and audit posture.
Enterprise
Dedicated tenant or private cloud scope, private AI or AI disabled, custom security review, and annual agreement support.
Scoped beta
Available only for large enterprise requirements with paid implementation, a named customer IT owner, and shared operations responsibilities.
All your data is encrypted both at rest and in transit:
What this means: We use standard encryption controls to protect stored data and data sent between your browser and Formuley.
Your formulas are yours alone:
What this means: Other customers cannot access your data, and internal access is limited to authorized personnel when required to operate or support the service.
Formuley runs on managed cloud infrastructure with layered protections:
What this means: Your data is hosted on managed cloud services with standard physical, network, and operational safeguards. Our primary production hosting is in the United States today.
Multiple layers protect your account:
What this means: Only you (and team members you explicitly authorize) can access your account.
Advanced security controls for teams and organizations:
Assisted identity-provider onboarding for organizations with stricter access requirements
Restrict platform access to approved lab, office, or VPN networks
Define granular permissions for every role on your team
Time-based one-time passwords for an additional layer of protection
Complete history of every action taken, retained for over 7 years
View active sessions and sign out all devices remotely
Your work is protected:
What this means: Backups help us recover from operational incidents and may help with some support requests, but deleted accounts are removed from active systems promptly and restoration is not guaranteed.
We follow industry best practices:
We support export, correction, and deletion requests. Contractual privacy terms such as a DPA are available for eligible business and enterprise agreements.
Data is hosted in the US region using vendors with audited security controls, including Supabase and AWS infrastructure.
EU data residency option is planned and coming soon for organizations that require data to remain within the European Union.
Coming SoonWe're committed to never:
We make money from subscriptions—not your data.
You have complete control over your data:
Export account, workspace, AI, and marketing data from settings
Delete your account and active-system data permanently
Request security or fraud data through a verified manual process
Update or correct your information
Withdraw separate marketing consent without affecting service access
To exercise these rights, visit your account settings or contact us at support@formuley.io
Self-serve exports do not include security or fraud-prevention logs. Those are handled through verified manual privacy requests.
If you believe you've found a security vulnerability in Formuley, we want to hear from you.
Please email security@formuley.io with details. We commit to acknowledging your report within 48 hours and working with you toward a resolution.
Our commitment: We do not pursue legal action against good-faith security researchers who follow responsible disclosure practices.
Need a DPA, security questionnaire, subprocessor list, or uptime documentation for customer review? We can help your procurement process move faster without overstating what is live today, including current US hosting posture and available SCC/DPA paperwork where applicable.
Have security questions, procurement requirements, or customer review needs? We're here to help.
Contact usWe review security and procurement requests on business days
Last updated: June 17, 2026
