The requirements for a secure service are many and are defined by a variety of laws and frameworks such as GDPR, PCI-DSS, HIPAA, NIST, etc.
ANON::form is a service that fulfills all this and more. We use E2EE, ie all data is already encrypted in the browser and decrypted at the recipient, which we then transport in encrypted channels.
And we do not save anything about the transport in any logs or cache, our service is completely anonymized.
ANON::form is a completely unique service where nothing is left to chance, we keep what we promise:
1. Meets safety requirements
ANON::form is a service that meets the requirements for security according to the respective standard for:
EU/GDPR + EU/Schrems II
PCI-DSS + HIPAA + NIST
and receives the rating A+ from Qualsys SSL Labs and ImmuniWeb.
All certificates are encrypted with SHA256/RSA 2048 bits/TLS 1.2 + 1.3.
2. Meets the requirement for Zero Access
ANON::form does not store form data and meets the requirement for Zero Access, suppliers who receive form data from ANON::form comply with Zero Access in that all data stored is encrypted via endpoints (E2EE) with personal keys.
3. Meets the requirement for privacy
ANON::form fulfills the requirement for anonymity in that no traffic, error or other logs are activated (No-Log Policy), all form data is sent encrypted directly to receiving systems without intermediaries.
Nothing is saved in the computer or browser by the service, but the use of incognito windows, or even better Tor Browser, is recommended to prevent sensitive data from being saved by the browser’s own functions.
4. Protected against malicious code
ANON::form is protected against malicious code by cleaning up all form data before it is processed by the server system. We do not have any online editing of forms, everything is uploaded manually by us after virus and other security checks.
All services are run on own servers in secure server halls. The encryption software we use is open source (OpenPGP) which is constantly reviewed by a large community spread all over the world.
5. Spam protection
All forms have Captcha protection against robot-generated spam. The Captcha function is locally installed and does not download anything from external sources such as Google.