From a compliance perspective, many organizations raise similar questions when evaluating Team Forms. Below are answers to the most common queries.
Who owns Team Forms?
Team Forms is owned and operated by VP Labs Pty Ltd, a company headquartered in Perth, Western Australia.
What technology is Team Forms built on?
Team Forms is a modern web application built with React. It integrates directly with Microsoft 365 by using the Microsoft Graph API to securely connect with your organization’s Teams SharePoint site.
The web app and its supporting services are hosted on Microsoft Azure, ensuring high availability, scalability, and alignment with Microsoft’s global compliance standards.
What compliance certifications does Team Forms hold?
Team Forms is currently undergoing the Microsoft 365 App Certification process. This certification involves:
Independent security and privacy audits of the app and supporting backend environment
Regular penetration testing
Verification of compliance with Microsoft’s data handling and operational practices
You can track the current certification status directly on Microsoft’s official page:
For more details about the Microsoft 365 App Certification program itself, visit:
Where is Team Forms data stored?
All forms-related data is stored directly within your organization’s own Microsoft 365 environment, specifically in SharePoint. This ensures your data always remains under your control and subject to the same compliance, governance, and retention policies you configure in Microsoft 365.
For a deeper dive into how Team Forms handles data and security, see our article:
In addition, only a minimal amount of non-sensitive usage data is captured to support licensing.
Does Team Forms support Single Sign-On (SSO) and Multi-Factor Authentication (MFA)?
Yes. Team Forms relies entirely on your organization’s Microsoft Entra ID (Azure Active Directory) for authentication. This means any security controls you have configured—such as SSO, MFA, conditional access policies, or password expiry rules—apply automatically.
Team Forms never stores or manages user credentials.
How is customer data protected in transit and at rest?
In transit: All communication between Team Forms and Microsoft 365 uses TLS 1.2+ encryption.
At rest: Since data is stored within your own Microsoft tenant, encryption at rest is provided by Microsoft’s platform-level controls.
Any metadata or temporary caching performed by Team Forms services hosted on Azure also benefits from Azure’s built-in encryption standards.
Does Team Forms undergo penetration testing?
As part of the Microsoft 365 App Certification process, Team Forms is subject to independent penetration testing and ongoing security assessments. This certification framework requires regular testing of both the application and its supporting environment to validate security controls.
In addition, Microsoft Graph and Azure services inherit Microsoft’s own enterprise-grade security practices, including continuous vulnerability management and compliance monitoring.
Who can access customer data?
Team Forms and its staff have no access to your data. All content—forms, responses, and files—resides entirely within your Microsoft 365 tenant and is governed solely by the permissions and access controls you configure.
Because we cannot see or interact with your environment, our support is limited to providing guidance and troubleshooting steps. We are unable to directly view your data or make changes on your behalf.