Back to home

Trust & Safety

Security at
Strac Forms

Last updated: April 13, 2026

TLS Encryption
All data in transit is encrypted using TLS 1.2+.
At-Rest Encryption
Data stored on disk is encrypted using AES-256.
Enterprise Infrastructure
Built on ServiceTrac's compliance-grade platform.

Our Approach

Strac Forms is built on ServiceTrac's infrastructure, designed from the ground up for enterprise data security. We take security seriously because your respondents trust you with their information, and you trust us with it.

Data Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored on our servers — including form responses, account details, and files — is encrypted at rest using AES-256.

Access Controls

Access to production systems is restricted to authorised personnel only, using multi-factor authentication and role-based access controls. We follow the principle of least privilege — employees can only access data necessary for their role.

Customer data is logically isolated by workspace. No team can access another team's data.

Infrastructure

Our infrastructure is hosted in data centres with SOC 2 Type II certification. Servers are located within India. We perform regular backups and test restoration procedures to ensure data can be recovered in the event of a failure.

Application Security

  • Regular dependency audits and automated vulnerability scanning.
  • Input validation and output encoding to prevent injection attacks.
  • CSRF protection on all authenticated endpoints.
  • Content Security Policy (CSP) headers on all pages.
  • Rate limiting on all public-facing APIs to prevent abuse.

Incident Response

We maintain an incident response plan that is tested regularly. In the event of a confirmed data breach affecting your data, we will notify you within 72 hours of becoming aware of it, in accordance with applicable data protection laws.

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a potential security issue, please contact us at security@stracforms.com. Do not disclose vulnerabilities publicly until we have had a reasonable opportunity to investigate and address them. We do not take legal action against researchers who follow responsible disclosure principles.

Your Responsibilities

Security is a shared responsibility. We recommend:

  • Using a strong, unique password for your Strac Forms account.
  • Enabling two-factor authentication when available.
  • Only inviting trusted team members to your workspace.
  • Reviewing and removing unused forms that collect sensitive data.

Contact

For security questions or to report a vulnerability, email security@stracforms.com.