How is compliance supported?
ANON::form meets security and compliance requirements from GDPR, ISO 27001, NIST security controls, EU Schrems II, UK FCA, US SOX and PCI‑DSS frameworks. The service uses end-to-end encryption, minimal data collection, strong transport protections and a no‑log policy to support privacy and security controls and help meet relevant legal requirements. You remain responsible for your own regulatory compliance when using the service, for example in HIPAA contexts.
How is GDPR complied with?
ANON::form relies on the legal basis of legitimate interest under the GDPR to provide anonymous form processing services. It minimises data collection to what is necessary, avoids the use of sub-processors and does not store form data. This approach supports compliance with the GDPR principles of data minimisation and privacy by design.
How are accessibility requirements met?
ANON::form secure web forms are built to meet widely recognised accessibility standards such as WCAG 2.1 AA and EN 301 549, so that forms are usable across different devices and by people with varied needs, supporting inclusive access to secure form services.
What does PCI‑DSS support mean?
PCI‑DSS refers to the Payment Card Industry Data Security Standard for secure handling of payment information. ANON::form meets requirements aligned with this standard by protecting data with strong encryption, controlled access and secure transport.
How does ANON::form handle HIPAA considerations?
ANON::form offers strong encryption and data minimisation practices that align with HIPAA protection principles, but users must ensure their implementation meets applicable HIPAA requirements. ANON::form does not act as a HIPAA Business Associate.
How is privacy protected under compliance frameworks?
ANON::form uses a no‑log policy so that it does not keep traffic, error or usage logs, and anonymises form submissions so that encrypted data goes directly to the recipient without intermediate storage.
Why is a no‑log policy important?
A no‑log policy ensures that ANON::form does not retain traffic, usage, or error logs. Many providers are legally required to keep such logs for monitoring or regulatory purposes, which can expose user data or form activity to third parties. For example, standard web hosting services or email providers often log IP addresses, timestamps, and user activity. By not keeping logs, ANON::form protects privacy, prevents unauthorised access to usage data, and ensures that submissions remain fully anonymous and secure.
What infrastructure protections support trust?
The service uses secure data centres certified under ISO 27001 and follows the Zero Trust model. It hardens servers and software, monitors activity 24/7, uses modern firewall and DDoS protections, and limits access to authorised personnel to reduce risk.
How does ANON::form protect against malicious code?
Form data is sanitised before server processing, and plugins use iframes to isolate the form from the website so that neither can run code in the other’s context. ANON::form uses open-source OpenPGP and hCaptcha for secure embedding and spam protection.