What security measures does Paperform have in place?

Paperform follows industry best standards to keep your information safe. Our primary servers are based in the USA and hosted by AWS. We offer other regions and hosting options upon request, so please talk to us at support@paperform.co if you would like to have your data stored in a specific region. Security Measures

• Form submissions are secured using TLS 1.2 SSL from the submitters browser through to our servers. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
• Encrypted at Rest - Forms and submissions are stored in a database that is encrypted at rest.
• Employee Access Restriction - The only people who have access to your data is yourself, and a select few of the Paperform technical team required to maintain systems and provide advanced technical customer support.
• Regularly maintained systems - We regularly update the technology and systems we use to stay on top of the latest vulnerabilities.
• Ability to turn off storage on Paperform - If you need data only to be stored in your own systems, you can turn off storage on Paperform on a per-form basis. Note that submissions are held temporarily (generally under 1 minute) if there are emails, webhooks or Zapier integrations in place. We treat uploads separately to other submission data for "turn storage off", and delete these on request. This is because the images have to be hosted to be viewed/retrieved. We offer BYOS3 Bucket (store your own), which supports files being sent directly to your servers, and so avoid upload storage on our servers. If your forms generate custom PDFs these are handled similarly to file uploads which can be stored in your BYOS3 bucket if you have provided one.
• GDPR Ready as of May 25th 2018.
• SOC 2 Type 1 and Type 2 in progress, due for certification in December 2023. Gap report available upon request.
• 2 Factor Authentication (2FA).

Note on file uploads

When a file is uploaded to Paperform, it is given a unique, unguessable public URL so that anyone who has been given that URL will be able to access that file. This is necessary to be able to easily upload files to other services, or share files uploaded with people who are not a user of your Paperform account.

Note on custom pdfs

When a custom PDF is generated for a submission it is given a unique, unguessable public URL so that anyone who has been given that URL will be able to access that file. This is necessary to be able to easily upload files to other services, or share files uploaded with people who are not a user of your Paperform account.

Still have questions? Ask us at dean@paperform.co.