Paperform logo
ProductTemplatesPricingResources
ProductTemplatesPricingResources
Sign inTry Free

What security measures does Paperform have in place?

Help About Paperform Security & Compliance

Security & Compliance

Can I capture sensitive and/or private information on forms?Data Subject ComplaintsHow do I make a claim of copyright infringement against a form? How do I make a data or GDPR request?Is Paperform HIPAA-compliant?What security measures does Paperform have in place?Where can I learn more about GDPR and Paperform?Paperform Sub-processor ListUpdate for Apache Log4j vulnerability (CVE-2021-44228)What are Paperform's Terms and Conditions, and Privacy Policy?Where can I report people using your services for abusive and malicious behaviour?

Paperform follows industry best standards to keep your information safe. Our servers are based in the USA and hosted by AWS.

Security Measures

  • Form submissions are secured using TLS 1.2 SSL from the submitters browser through to our servers. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
  • Encrypted at Rest - Forms and submissions are stored in a database that is encrypted at rest.
  • Employee Access Restriction - The only people who have access to your data is yourself, and a select few of the Paperform technical team required to maintain systems and provide advanced technical customer support.
  • Regularly maintained systems - We regularly update the technology and systems we use to stay on top of the latest vulnerabilities.
  • Ability to turn off storage on Paperform - If you need data to only be stored in your own systems, you can turn off storage on Paperform on a per form basis. Note that submissions are held temporarily (generally under 1 minute) if there are emails, webhooks or Zapier integrations in place. We treat uploads separately to other submission data for "turn storage off", and delete these on request. This is because the images have to be hosted to be viewed/retrieved. For Pro and Agency users we offer BYOS3 Bucket (store your own), which supports files being sent directly to your servers, and so avoid upload storage on our servers. If your forms generate custom PDFs these are handled similarly to file uploads which can be stored in your BYOS3 bucket if you have provided one.
  • GDPR Ready as of May 25th 2018.
  • 2 Factor Authentication (2FA).

Note on file uploads

When a file is uploaded to Paperform, it is given a unique, unguessable public URL so that anyone who has been given that URL will be able to access that file. This is necessary to be able to easily upload files to other services, or share files uploaded with people who are not a user of your Paperform account.

Note on custom pdfs

When a custom PDF is generated for a submission it is given a unique, unguessable public URL so that anyone who has been given that URL will be able to access that file. This is necessary to be able to easily upload files to other services, or share files uploaded with people who are not a user of your Paperform account.

Still have questions? Ask us at dean@paperform.co.

Related Articles

Where can I learn more about GDPR and Paperform?
Read this article to learn more about Paperform and GDPR, including roles and related documentation.
Where can I report people using your services for abusive and malicious behaviour?
If you encounter a form created using Paperform that appears malicious or abusive, report it as soon as you can. We accept abuse reports via email at support@paperform.co, alternatively you can use our live chat support widget located at the bottom-right of your screen.