Form Connector Information Security Policy
1. Form Connector’s Commitment
Form Connector is committed to protecting the confidentiality, integrity, and availability of all information assets under our control. We recognize information security as critical to the trust of our customers, partners, and employees.
This policy is approved by company leadership and serves as our guiding framework for safeguarding information, complying with legal and contractual obligations, and continually improving our security practices.
2. Scope
This policy applies to:
- All employees, contractors, and third parties handling Form Connector data.
- All systems, networks, applications, and services managed by Form Connector.
- Customer and business information processed by our platform.
3. Principles
We follow these security principles:
- Confidentiality: Only authorized individuals have access to sensitive information.
- Integrity: Data is accurate, complete, and protected from unauthorized modification.
- Availability: Systems and data are accessible when required by authorized users.
4. Responsibilities
- Management: Provide resources, oversight, and approval of security practices.
- Employees/Contractors: Follow this policy, report incidents, and safeguard access credentials.
- Security Lead (or equivalent): Implement controls, conduct monitoring, and review incidents.
5. Security Controls
Form Connector implements the following baseline measures:
- Access Control: Role-based access, MFA for administrative systems, least privilege principle.
- Data Protection: Encryption in transit (TLS 1.2+) and at rest (AES-256 or provider equivalent).
- System Monitoring: Logging, alerting, and regular review of system activities.
- Vulnerability Management: Regular patching and security updates for infrastructure and dependencies.
- Backup & Recovery: Regular backups and tested recovery processes.
- Incident Response: Defined procedure for identifying, responding to, and reporting incidents.
- Team Onboarding: When onboarded, all Candid Leap teammates are required to set up 2FA on all relevant accounts and go through a security onboarding process.
6. Compliance
- Adherence to applicable data protection laws.
- Contracts and Data Processing Addendums (DPAs) are maintained with customers where required.
7. Review & Updates
This policy is reviewed annually or upon significant changes to our business or regulatory environment. Updates are approved by company management.
Approved by:
Hal Zeitlin,
Owner of Candid Leap & Form Connector
Last Updated 9/5