In order for your form data to be secure, it must be encrypted at four points:
- When a user submits the form - this is done by having SSL activated on your form, which is done by default on all new forms.
- When the submitted data is emailed to you - this is done by setting up PGP for your form if you receive submission data emails.
- When the submitted data is saved for later download - this is done by setting up data encryption on your form if you enabled data saving under the form settings.
- When you download the data - this is done automatically. Anytime you log into the Formstack admin tools, your activity is encrypted with 256-bit SSL.
If one of these four points are not secure, then it is possible that information can be intercepted by unintended parties.
Collecting Sensitive Information
Formstack does allow for the collection of sensitive information on our Forms, however, our Terms of Service require that certain security measures must be enabled to do so. Formstack provides the ability to secure your form data with SSL, PGP (if the information is to be included in emails), and database encryption. Only by setting all three of those features do you ensure that your data is safe. For more information on what is and isn't considered sensitive data, check out our Help Guide.