About security policies

Due to handling data received from form respondents, we pay close attention to security measures and server monitoring and operation in all plans. Formrun's security policy.

Security System

The security system described below applies to all plans of "formrun". Also, the policy regarding information security of the operating company of "formrun", Basic Inc., can be found here.

Acquisition of ISO 27001

The operating company of the form creation and management tool "formrun", Basic Inc. (100% parent company of mixtape LLC, which inherited the formrun business on August 1, 2018), has obtained certification for the international standard for Information Security Management System (ISMS) "ISO/IEC 27001:2013 / JIS Q 27001:2014" (abbreviation: ISO27001).

This certification indicates that the operation and management system of our cloud service's information security conforms to international standards, as recognized by a third-party institution.

We will continue to make ongoing improvements to our information security measures and strive to enhance the safety of our services for our customers' peace of mind.

Acquisition of Privacy Mark

The operating company of the form creation and management tool "formrun", Basic Inc., has obtained the Privacy Mark, which is awarded to businesses that have established a system to appropriately protect personal information in accordance with the Japanese Industrial Standard "JIS Q 15001 Personal Information Protection Management System - Requirements".

Adoption of SSL/TLS

All communications with formrun are encrypted using SSL (Secure Sockets Layer) / TLS (Transport Layer Security) with an RSA 2048 bits certificate, protecting against malicious third-party data tampering, eavesdropping, and leakage of communication content.

Adoption of AWS

Formrun uses the Amazon Web Services (AWS) data center provided by Amazon Web Services, Inc., which is built to meet the requirements of organizations with the highest priority on security.

AWS, with its high reliability and track record both domestically and internationally, is adopted even by financial institutions that demand advanced security.

Vulnerability Assessment by Third Parties

A vulnerability assessment of the Web application by a third-party institution was conducted in October 2022.

In addition, as mentioned above, measures are taken for information security, including the acquisition of ISO 27001, the adoption of SSL/TLS, and the adoption of AWS.


Server Monitoring System

Data Access Management

At formrun, access to the server is limited to system administrators, and we strictly manage the data to protect our customers' valuable information.

Those other than the system administrators cannot access the database, and even system administrators, except in limited situations such as legal requests or with customer consent, do not access the data stored on the server.

24/7 Server Monitoring

At formrun, we monitor our server 24/7. In the event of a system failure, real-time notifications are sent to system administrators, who then immediately undertake recovery operations as appropriate.