formula
Back to home

Security

Last updated: February 16, 2026

At Formula, protecting your data is fundamental to everything we build. This page describes the security measures and practices we employ to keep your information safe.

1. Infrastructure Security

  • Cloud hosting: The Service is hosted on enterprise-grade cloud infrastructure with high availability, redundancy, and geographic distribution.
  • Network security: Our infrastructure is protected by firewalls, intrusion detection systems, and network segmentation to isolate sensitive systems.
  • DDoS protection: We use distributed denial-of-service mitigation services to ensure availability of the platform.

2. Data Encryption

  • In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections.
  • At rest: Your data is encrypted at rest using AES-256 encryption. Database backups are also encrypted.
  • Key management: Encryption keys are managed through secure key management services with strict access controls and regular rotation.

3. Access Controls

  • Principle of least privilege: Team members only have access to the systems and data necessary for their role.
  • Multi-factor authentication: All internal systems require multi-factor authentication for access.
  • Access reviews: We conduct regular reviews of access permissions and promptly revoke access when team members change roles or leave the organization.

4. Application Security

  • Secure development: We follow secure coding practices and conduct code reviews for all changes to the platform.
  • Dependency management: We regularly scan and update third-party dependencies to address known vulnerabilities.
  • Input validation: All user inputs are validated and sanitized to prevent injection attacks and other common vulnerabilities.

5. Data Isolation

Each customer's data is logically isolated within our systems. Your marketing spend data, sales figures, and model outputs are never accessible to other customers. We enforce strict tenant separation at the application and database layers.

6. Monitoring and Incident Response

  • Continuous monitoring: We monitor our systems around the clock for suspicious activity, unauthorized access attempts, and performance anomalies.
  • Logging: Security-relevant events are logged, retained, and regularly reviewed.
  • Incident response: We maintain an incident response plan that includes identification, containment, eradication, recovery, and post-incident review. In the event of a data breach affecting your information, we will notify you in accordance with applicable law.

7. Business Continuity

  • Backups: We perform regular automated backups of all data. Backups are encrypted and stored in geographically separate locations.
  • Disaster recovery: We maintain disaster recovery procedures designed to restore the Service in the event of a major disruption.

8. Vendor Security

We evaluate the security practices of third-party vendors and service providers before integrating them into our platform. Vendors with access to customer data are contractually required to maintain appropriate security measures.

9. Responsible Disclosure

We value the work of security researchers. If you discover a vulnerability in our Service, please report it to us responsibly. Contact us at hello@useformula.ai with details of the issue. We ask that you:

  • Provide sufficient detail for us to reproduce and address the issue.
  • Allow us a reasonable timeframe to investigate and remediate before public disclosure.
  • Avoid accessing, modifying, or deleting data belonging to other users.

10. Contact Us

If you have questions about our security practices, contact us at: