Trust

Security at Talkform

A transparent summary of the controls we are building, what customers should verify, and how to report a concern.

Last updated July 12, 2026

Security principles

Talkform is designed around least privilege, server-side validation, short-lived provider credentials, restricted access, secure transport, and collecting only information needed for the interview. Security controls continue to evolve and must be verified for the specific deployment.

Current limitations

Talkform is an early product and does not claim SOC 2, ISO 27001, HIPAA eligibility, PCI compliance, or any other certification on this page. Customers should not use it for credentials, payment card data, protected health information, or other regulated information without a written review of architecture, contracts, retention, and incident obligations.

Customer responsibilities

Use least-privileged accounts, protect exports, review imported forms, avoid secrets in prompts, validate structured results, and provide appropriate participant notice and consent. Test authorization, retention, deletion, and failure recovery before production use.

Responsible disclosure

Send a concise report to support@talkform.ai with the affected URL or component, reproduction steps, impact, and a safe contact method. Do not access other users' data, disrupt the service, or publish sensitive details before there has been a reasonable opportunity to investigate. We do not currently promise a paid bug bounty or a fixed response SLA.

Privacy and vendors

Security depends on data minimization, controlled vendor access, and documented retention. Review the privacy policy and subprocessor list alongside this page.