Trust

Security is architecture, not a checkbox.

Compliance-aware from the first migration, so governance never means a rewrite.

Tenant isolation

Every form belongs to a workspace. Access is enforced by Postgres row-level security, not application code — a user can only ever read or write data in workspaces they belong to, verified end-to-end.

Response privacy

Submissions are owner-only at the database. The public can only write a response to a published form, and only through a single audited, security-definer path. Form passwords are stored as bcrypt hashes in an isolated table no API can read.
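The pattern described under Tenant isolation and Response privacy can be expressed directly in Postgres. The following is an added example, not the product's own schema: the table, column, role and function names and the `app.user_id` session setting are all assumptions made for illustration.

```sql
-- Hypothetical schema and roles (assumptions, not the product's own objects).
CREATE ROLE app_user NOLOGIN;   -- signed-in workspace users
CREATE ROLE anon NOLOGIN;       -- anonymous visitors filling in a public form
CREATE TABLE workspace_members (workspace_id uuid NOT NULL, user_id uuid NOT NULL,
  PRIMARY KEY (workspace_id, user_id));
CREATE TABLE forms (id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  workspace_id uuid NOT NULL, published boolean NOT NULL DEFAULT false);
CREATE TABLE responses (id bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  form_id uuid NOT NULL REFERENCES forms(id), payload jsonb NOT NULL);

-- Assumption: the API layer sets app.user_id inside each request's transaction.
CREATE FUNCTION current_app_user() RETURNS uuid LANGUAGE sql STABLE AS
$$ SELECT NULLIF(current_setting('app.user_id', true), '')::uuid $$;

ALTER TABLE workspace_members ENABLE ROW LEVEL SECURITY;
ALTER TABLE forms             ENABLE ROW LEVEL SECURITY;
ALTER TABLE responses         ENABLE ROW LEVEL SECURITY;
GRANT SELECT ON workspace_members, responses TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON forms TO app_user;

-- With RLS enabled and no matching policy, a role sees zero rows.
-- anon gets no grants and no policies, so it cannot touch the tables directly.
CREATE POLICY own_membership ON workspace_members FOR SELECT TO app_user
  USING (user_id = current_app_user());
CREATE POLICY member_forms ON forms FOR ALL TO app_user
  USING (EXISTS (SELECT 1 FROM workspace_members m
                 WHERE m.workspace_id = forms.workspace_id
                   AND m.user_id = current_app_user()));
-- The subquery on forms is itself filtered by member_forms for app_user.
CREATE POLICY member_responses ON responses FOR SELECT TO app_user
  USING (EXISTS (SELECT 1 FROM forms f WHERE f.id = responses.form_id));

-- Single public write path. SECURITY DEFINER runs as the function owner; the
-- owner must also own the tables (owners bypass RLS unless FORCE is set).
-- search_path is pinned so the caller cannot shadow the tables it touches.
CREATE FUNCTION submit_response(p_form uuid, p_payload jsonb) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM forms WHERE id = p_form AND published) THEN
    RAISE EXCEPTION 'form not accepting responses';
  END IF;
  INSERT INTO responses (form_id, payload) VALUES (p_form, p_payload);
END $$;
REVOKE ALL ON FUNCTION submit_response(uuid, jsonb) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION submit_response(uuid, jsonb) TO anon;
```

To check the isolation, run `SET ROLE app_user` with `app.user_id` set to a non-member and confirm that `SELECT` on `forms` and `responses` returns no rows, then `SET ROLE anon` and confirm that a direct `INSERT INTO responses` is denied while `submit_response` succeeds only for a published form.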

Encryption & transport

All traffic is TLS. Secrets are server-only and never shipped to the browser. The service-role key never leaves the server.

Data ownership & portability

One canonical schema, CSV export anytime, no lock-in. You can leave with all of your data, cleanly, whenever you want.

Anti-abuse

Built-in honeypot, optional CAPTCHA, and rate-limited public write paths protect forms from spam and abuse.

Roadmap

Audit logs, configurable retention, regional data residency and SSO are designed into the data model and roll out without re-architecture. (Certifications & sub-processor list to be published before GA.)

Report a vulnerability

Email support@askery.app. We acknowledge within one business day.