Data Security & Privacy

At Form.com, information security is our top priority. That's why we tailor every solution to meet your unique privacy and security needs. Even if your organization is subject to stringent data laws, Form.com has a plan that will work for you.

Private & Secure Infrastructure

We work with you to map out secure and private infrastructure, put it all in writing, and launch safely. At its core, our platform is designed to securely route data to and from the field without interference from bad actors. 

Our security model and controls are based on international protocols and standards, and adhere to industry best practices. The platform is commercially compliant with HIPAA, and we are ISO 27001 certified. We are also currently working toward SOC-2 certification.

Custom Access Levels & Permissions

Our robust permissions options allow you to permit individual users or groups to view or modify reports. Robust user permissions options allow you to restrict control of everything from individual forms to reports and admin-level workflows. 

Full Administrative Control

Add, create, and modify users under your account to ensure only the people you authorize can access data. Administrators on your account will have the ability to create, modify, and track other user activity. The platform logs all authentication activity and supports proper audit trails in a protected system.

Data Protection and Privacy

• Data is hosted in SSAE 16-certified data centers compliant with documented controls and operational procedures. From both a design and operational perspective, WorldAPP is Tier III/TIA 942 compliant, meaning your data resides on secure servers behind multiple firewalls. Anyone attempting to access your data must use a login and password, and the account owner must grant them permission.
• Confidential data, such as usernames and passwords, are encrypted in the database. Brand account users have the option to add database encryption to the Contact Manager and any collected responses or submissions.
• Any application web traffic is secured with SSL in transit. In data transmission, WorldAPP supports 256-bit TLS encryption using Thawte and HTTPS connections.
• Form.com is an official licensee of the TRUSTe Privacy Seal Program and certified by the EU Safe Harbor Privacy Program, with endorsements to securely host consumer data from any country.
• Form.com and its employees have received HIPAA compliance certifications for web, mobile, and offline solution implementations.

General Data Protection Regulation (GDPR)

With customers in nearly every country in the world, WorldAPP adheres to the General Data Protection Regulation (GDPR) expanding the privacy rights granted to European individuals. The regulation requires companies that process the personal data of European individuals to comply with a new set of rules.

To help our customers in their efforts to comply with the GDPR, WorldAPP has implemented processes and taken steps to ensure that all of our applications and systems will fully comply. Read more about WorldAPP and the GDPR here.