Paperform logo
COVID-19ProductTemplatesPricingBlogSign in
COVID-19ProductTemplatesPricingBlogSign in

What security measures does Paperform have in place?

Help About Paperform Security & Compliance

Security & Compliance

Can I capture sensitive and private information, such as credit card details or medical information?Capturing Sensitive Information with PaperformHow do I make a claim of copyright infringement against a form? How do I make a data or GDPR request?Is Paperform HIPAA compliant?What security measures does Paperform have in place?Where can I learn more about GDPR and Paperform?How do I remove the "suspicious warning" on my forms?What are Paperform's Terms and Conditions, and Privacy Policy?Where can I report people using your services for abusive and malicious behaviour?

Paperform follows industry best standards to keep your information safe. Our servers are based in the USA and hosted by AWS.

Security Measures

  • Form submissions are secured using TLS 1.2 SSL from the submitters browser through to our servers. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
  • Encrypted at Rest - Forms and submissions are stored in a database that is encrypted at rest.
  • Employee Access Restriction - The only people who have access to your data is yourself, and a select few of the Paperform technical team required to maintain systems and provide advanced technical customer support.
  • Regularly maintained systems - We regularly update the technology and systems we use to stay on top of the latest vulnerabilities.
  • Ability to turn off storage on Paperform - If you need data to only be stored in your own systems, you can turn off storage on Paperform on a per form basis. Note that submissions are held temporarily (generally under 1 minute) if there are emails, webhooks or Zapier integrations in place. We treat uploads separately to other submission data for "turn storage off", and delete these on request. This is because the images have to be hosted to be viewed/retrieved. For Pro and Agency users we offer BYOS3 Bucket (store you own), which supports files being sent directly to your servers, and so avoid upload storage on our servers.
  • GDPR Ready as of May 25th 2018.
  • 2 Factor Authentication (2FA).

Note on file uploads

When a file is uploaded to Paperform, it is given a unique, unguessable public URL so that anyone who has been given that URL will be able to access that file. This is necessary to be able to easily upload files to other services, or share files uploaded with people who are not a user of your Paperform account.

Still have questions? Ask us at dean@paperform.co.

Related Articles

Where can I learn more about GDPR and Paperform?
Read this article to learn more about Paperform and GDPR, including it's role as a Processor and Controller, and to find GDPR related documentation.
What features does Paperform have?
See https://paperform.co/pricing for plan and features details.
Where can I report people using your services for abusive and malicious behaviour?
Contact us directly as support@paperform.co or use our live chat to report abuse.