1. Organizational Information
Q: Who operates ANON::form?
A: ANON::form is developed and operated by Anonform Ab, based in Åland, Finland, established in 2021.
Q: What type of service is ANON::form?
A: ANON::form is a secure web form platform used for collecting sensitive, confidential, or anonymous data, including HR reports, compliance submissions, incident reporting, and whistleblowing.
2. Data Security
Q: How is data protected in ANON::form?
A: All data is protected using end-to-end encryption (E2EE). Data is encrypted in the user’s browser before transmission and can only be decrypted by the intended recipient. No plaintext data is stored outside the recipient’s environment.
Q: Where is customer data hosted?
A: Data is hosted in Finland, Germany, USA, and Singapore. Customers can choose regional storage locations to comply with data residency and regulatory requirements.
Q: Are the data centers managed by large tech companies?
A: No. All data centers are independently operated, first-class facilities, not owned or managed by large global tech corporations, enhancing data sovereignty and compliance.
Q: What certifications or standards do the data centers meet?
A: The data centers comply with physical security best practices, operational resilience standards, and environmental responsibility measures, following ISO 27001-aligned security practices.
Q: Does ANON::form support GDPR compliance?
A: Yes. ANON::form is designed to support GDPR and data protection best practices by minimizing data exposure, enabling anonymous reporting, and ensuring controlled handling of sensitive information.
3. Privacy and Confidentiality
Q: Can submissions be anonymous?
A: Yes. ANON::form supports anonymous submissions where required, such as for whistleblowing or sensitive HR reporting.
Q: Does ANON::form use tracking or analytics?
A: No. ANON::form does not use advertising-driven tracking, third-party analytics, or big-tech data ecosystems.
Q: How is confidentiality maintained during investigations?
A: Submitted data is encrypted, and access is restricted to authorized personnel within the organization. Audit logs are maintained to ensure secure handling and traceability.
4. Operational Security
Q: Who has access to the data?
A: Only authorized personnel within the customer’s organization have access to the decrypted submissions. Anonform Ab cannot access plaintext form submissions.
Q: How is availability ensured?
A: ANON::form uses redundant, high-availability infrastructure across multiple regions with monitoring and incident response to ensure continuous service availability.
Q: How are updates and patches managed?
A: All software is updated regularly. Security patches are applied promptly following vulnerability management best practices in line with ISO 27001 and SOC 2 guidelines.
5. Governance, Risk, and Compliance
Q: Who evaluates and uses ANON::form internally?
A: ANON::form is typically evaluated and used by procurement, IT security, compliance, HR, internal audit, and risk management teams.
Q: How is compliance with internal policies maintained?
A: ANON::form supports audit-ready reporting, access control, and configurable workflows to meet internal governance and regulatory policies.
Q: Can ANON::form help meet ISO 27001 or SOC 2 requirements?
A: Yes. By providing secure, auditable data collection, encryption, access controls, and vendor transparency, ANON::form supports compliance with ISO 27001, SOC 2, and similar risk and security frameworks.
6. Environmental & Responsible Hosting
Q: Are ANON::form data centers environmentally responsible?
A: Yes. All data centers are selected for energy efficiency, sustainability, and first-class operational practices, reducing environmental impact while maintaining security and resilience.