Built for the world’s most regulated organisations.
TeamForm runs the most sensitive workforce data in banking, telco and retail. SOC 2 Type II, GDPR, dedicated tenancy with per-customer keys, and regional AWS hosting, independently audited and continuously monitored.
Isolated, encrypted, regionally hosted.
Regional AWS hosting
Run on AWS in Sydney, London and the US, with data residency you can pin to your region.
Dedicated, isolated tenancy
Each customer's data lives in its own isolated store, never pooled with anyone else's.
Encrypted at rest
A per-customer Customer Master Key, generated from FIPS 140-2 validated HSMs and rotated regularly.
Encrypted in transit
TLS everywhere, with a minimum 128-bit AES cipher: between you and the app, and between internal services.
The right people, and only the right people.
Single sign-on
Bring your own identity provider over SAML, with SCIM to provision and de-provision through your directory.
Role-based access
Scope who sees and changes what, down to confidential workspaces for sensitive change.
Multi-factor authentication
TOTP multi-factor authentication, enforced across every account.
Least privilege
Only authorised, trained staff can reach production, via per-engineer certificates.
Access logging
All access and access attempts are logged.
Your data stays yours.
You own your data
It stays inside your tenancy, and it's deleted when you leave the service.
GDPR & DPA
EU/UK GDPR compliant, with a Data Processing Addendum, a Record of Processing Activity and privacy training.
Classification & retention
Formal data-classification, retention and disposal procedures.
Published subprocessors
The full subprocessor list is public on our Trust Center. No surprises.
Independently proven, continuously watched.
SOC 2 Type II
Audited annually (the current report is dated December 2025). Request the report under NDA from our Trust Center.
Independent pen testing
Penetration tested at least annually, with findings remediated to defined SLAs.
Secure SDLC
A formal development lifecycle: changes documented, tested, reviewed and approved before production.
Continuity & monitoring
Business continuity and disaster-recovery plans, system monitoring and cyber-insurance cover.
Do your diligence.
Everything above is documented, audited and available on our Trust Center.