Zero-Access Compliance

42Forms is designed as a zero-access tool. The vendor (42Forms) never sees, stores, or transmits customer data. This architecture maintains Software Vendor status under HIPAA - no Business Associate Agreement (BAA) is required.

Data Residency

All application data resides exclusively in the consumer’s Snowflake account:

• Hybrid Tables (FORTY_TWO_FORMS_DB.APP_DATA) - all projects, submissions, audit logs, and configuration
• No external storage: no S3 buckets, no external databases, no vendor-hosted infrastructure
• No data egress: no EXTERNAL_ACCESS_INTEGRATION or NETWORK_RULE pointing to vendor APIs

No Telemetry

• No SYSTEM$SEND_SNOWFLAKE_TELEMETRY_DATA usage (except seat count billing events)
• No query text, table metadata, or PII in billing events
• Event sharing is set to OPTIONAL in the manifest - never mandatory

Privilege Minimization

The application requests only the privileges it needs:

Privilege	Purpose
CREATE COMPUTE POOL	Run the SPCS container service
CREATE WAREHOUSE	Dedicated warehouse for Cortex AI calls
BIND SERVICE ENDPOINT	Expose the web interface
IMPORTED PRIVILEGES ON SNOWFLAKE DB	Cortex LLM access only

Tip

No MANAGE GRANTS, no EXECUTE TASK, no CREATE INTEGRATION - the app cannot create external connections or access data outside what the consumer explicitly grants via caller rights.

Caller Rights Enforcement

All queries against consumer data use Restricted Caller Rights (RCR). The app executes SQL as the logged-in user’s role, not the app’s service role. This means:

• Row access policies are enforced per-user
• Column masking policies are enforced per-user
• The app service role has no direct access to consumer tables