Protect your data with advanced form security.

Safely gather and manage online data through secure forms that are packed with protective features.

Secure Forms with Formstack

Formstack is dedicated to providing all users with the highest levels of form security. We offer multiple security methods to help you gain peace of mind. Browse through the selection of tools below to learn more.

256-Bit SSL

Keep your form data safe with the industry standard for viewing and sending sensitive information online. Every Formstack form comes with 256-bit SSL (Secure Sockets Layer) enabled.

Data Encryption

Encrypt information in Formstack's database to ensure no one but you can read it. This is required if you're collecting sensitive data like credit card details and social security numbers.

PGP Email Encryption

Protect the data you send via email with advanced PGP (Pretty Good Privacy) encryption. This is required if you're using email to route sensitive information to different team members.

Password Protection

If you don't want just anyone viewing and submitting your form, set a required password. This works perfectly if you're using your form internally or for private events with limited space.

Invisible reCAPTCHA

Opt to add Invisible reCAPTCHA to your forms to create a more secure form submission process. Spammers won't be able to submit bogus information, and your database will be clean and error-free.

Formstack is fully compliant with the EU General Data Protection Regulation (GDPR). Please refer to our Terms of Service and Privacy Policy to learn how we meet GDPR requirements.

HIPAA Compliance

Formstack offers an enterprise-level solution that is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With Formstack HIPAA, healthcare customers can eliminate hours of manual data entry with secure online forms that collect electronic protected health information (ePHI). Mandatory security measures include data encryption, access controls, auditing, and logging.

To learn more about HIPAA and how you can activate Formstack HIPAA compliance for your organization, please contact us.

Frequently Asked Questions

How is my form data stored and protected?

Form data is stored securely on Formstack’s servers. All users have the option to enable encryption for their stored submissions. Users can also enable PGP email encryption to protect information shared through notification and confirmation emails.

How do you protect the confidentiality of transmitted data, including personal information and sensitive business information?

For transmitted data that’s sent through integrations and other methods, we use TLS.

Do you handle any credit card information as part of your service offerings?

Yes, we allow users to collect credit card information on their forms. We require credit card data to be encrypted when captured or transferred via our system. While we do not currently attest to PCI compliance, we work with card provider integrations that are fully PCI compliant.

Who has access to my data? Are there permissions in place?

We provide a segregated environment via a multi-tenant database so that each customer’s data is isolated and protected against unauthorized access. To protect your data further, we provide the ability to assign access privileges and permissions to different users.

What backups do you perform?

We back up the database daily with the ability to perform point-in-time restoration. Backups are kept for 14 days.

Do you proactively protect against common application attacks, such as input tampering and injection flaws?

We escape SQL, we sanitize HTML input, and we use CSRF tokens to mitigate common web vulnerabilities.

Is anti-virus and anti-malware protection maintained on your system? If so, what software is used?

We scan file uploads for viruses through ClamAV.

Do you have a security incident response process in place?

Engineers are available 24/7 and all engineers in rotation receive monitoring alerts regarding any incident.

How often do you conduct vulnerability assessments for all infrastructure, servers, databases, and applications?

We run quarterly scans with Acunetix. High value issues are addressed based on severity of the problem. In addition, we patch the servers with security patches as soon as they become available.

What is your company’s password policy?

We don’t have a strict policy regarding customers, but we do encourage our users to create strong passwords. All employees and contractors are required to enable two-factor authentication as an additional precaution when setting up their passwords. In addition to account passwords, we provide the ability to create passwords for individual forms.

Get More Information

If you'd like more information on our security protocols, please fill out the Security Document Request Form. We will email you a PDF that contains in-depth details on Formstack's secure forms.

Protect your data with secure forms.
See Formstack's form security features in action with a free, 14-day trial.