Security

Our Commitment to Security

At Formulove, we take the security of your personal information seriously. This page outlines the measures we implement to protect your data when you use our Chrome browser extension, web application, and related services (collectively, the "Service"). We are committed to transparency about our security practices so you can use our Service with confidence.

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) 1.2 or higher. This means:

• Your login credentials, profile data, and form information are protected when sent over the internet
• Every API request and response is encrypted end-to-end
• Our web application and extension only communicate over HTTPS connections

Encryption at Rest

Your data stored in our database is encrypted at rest:

• Database encryption protects your profile information, form data, and account details
• Encryption keys are managed securely by our infrastructure providers
• Backups are also encrypted to prevent unauthorized access

Authentication and Access Control

Secure Authentication

• Password Security: Passwords are hashed using industry-standard algorithms before storage. We never store your plain-text password.
• Session Management: Authentication tokens are securely generated and validated on each request. Sessions expire after periods of inactivity.
• Multi-Method Support: We support secure authentication through email/password and OAuth providers, all using established security protocols.

Access Controls

• Row-Level Security (RLS): Our database uses Row-Level Security policies to ensure users can only access their own data. Your information is isolated from other users at the database level.
• Principle of Least Privilege: Our systems are designed so that each component has only the minimum access required to perform its function.
• API Authorization: Every API request is validated to ensure the authenticated user has permission to access the requested resources.

Infrastructure Security

Hosting and Infrastructure

We rely on trusted, enterprise-grade infrastructure providers:

• Vercel: Our web application is hosted on Vercel, which provides DDoS protection, automatic SSL, and secure edge networking.
• Supabase: Your data is stored in Supabase, which offers enterprise-grade security including encrypted connections, secure authentication, and compliance with industry standards.

Third-Party Services

We carefully select and monitor our third-party service providers:

• Stripe: All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never store your full payment card details—Stripe handles all sensitive payment data.
• Google Gemini: AI-powered form analysis uses Google's API. Form field data sent for processing is transmitted over encrypted connections and handled according to Google's security practices.

Data Protection Practices

What We Protect

We implement security measures to protect:

• Your account credentials and authentication tokens
• Your profile data (name, address, contact information, etc.)
• Form data you choose to store for autofill
• Payment and subscription information (processed by Stripe)
• Usage and analytics data

What We Do Not Do

• We do not sell your personal information
• We do not share your data with third parties for marketing purposes
• We do not store your full payment card numbers
• We do not access form data on websites unless you explicitly use our extension

Chrome Extension Security

Minimal Permissions

Our Chrome extension requests only the permissions necessary to function:

• activeTab: Allows the extension to access form fields only when you actively use it on a page you are visiting.
• storage: Stores authentication tokens locally in your browser.
• sidePanel: Provides the extension interface for managing form filling.

Data Handling

• The extension only operates when you explicitly interact with it or initiate form filling
• Form data is transmitted only when you choose to use the autofill feature
• We do not passively collect or transmit data from pages you browse

Monitoring and Incident Response

Security Monitoring

• We monitor our systems for unusual activity and potential security threats
• Logging and monitoring help us detect and respond to issues promptly
• We use rate limiting and other measures to prevent abuse

Incident Response

In the event of a security incident:

• We will investigate and take steps to contain and remediate the issue
• We will notify affected users when required by law or when we believe notification is in their best interest
• We will work to prevent similar incidents in the future

Reporting Security Issues

If you discover a security vulnerability, please report it to us at hi@formulove.ai. We appreciate responsible disclosure and will respond promptly.

Your Role in Security

You can help protect your account by:

• Strong Passwords: Use a unique, strong password for your Formulove account
• Account Security: Do not share your account credentials with others
• Review Before Submit: Always review form data before submitting—our AI assists but you are in control
• Sign Out: Sign out from shared or public devices when finished

Updates to This Page

We may update this Security page from time to time to reflect changes in our practices or services. We will update the "Last updated" date at the top when we make changes. Your continued use of the Service after changes constitutes acceptance of the updated terms.

Contact Us

If you have questions about our security practices or your data, please contact us at:

Email: hi@formulove.ai

We are committed to addressing your concerns and will respond within a reasonable time.

Last updated: February 13, 2026