Powerful Enterprise-level Security for Every Form

Explore the comprehensive array of cutting-edge security measures and protocols implemented by 123FormBuilder, meticulously designed to safeguard the privacy and integrity of your valuable form data.

Image showing 123FormBuilder security features

ISO-9001 ISO-27001 GDPR HIPAA Compliant CCPA Compliant CCPA Compliant

Compliances & Certifications

123FormBuilder is HIPAA compliant, enabling healthcare providers to safely collect patient information through secure online forms and workflows. It adheres to all HIPAA standards, with robust safeguards in place. The platform also offers a Business Associate Agreement (BAA) for enhanced protection of Protected Health Information (PHI). Learn more

123FormBuilder is fully GDPR compliant, aligning with the European Union’s data privacy and security regulations. We meticulously implement technical and organizational security measures to ensure the safety, privacy, and integrity of all data collected and processed through our forms, both within and outside the EU. Learn more

123FormBuilder is ISO 27001 certified by the International Organization for Standardization, affirming our commitment to Information Security Management. This certification ensures the implementation of best practices for safeguarding confidential information, minimizing cyber risks, and preventing security threats.

123FormBuilder is also ISO 9001 certified. We adhere to quality management system (QMS) standards that reinforce our commitment to continuously improve our products & services, put our customers first, and comply with regulatory requirements.

123FormBuilder complies with the California Consumer Privacy Act (CCPA), which gives California residents the right to choose how businesses handle and process their personal data.

123FormBuilder complies with COPPA to protect children under 13’s data privacy and security, including obtaining verifiable parental consent for collecting children’s data and providing a clear privacy policy.

Built-in Security

256-bit SSL Encryption

All form data is secured with 256-bit SSL/AES encryption, ensuring top-level security for data at rest and in transit. 123FormBuilder forms use “HTTPS://” addresses, enhancing protection against phishing and hacking, and ensuring secure data transfer and storage.

Data & Form Encryption

123FormBuilder offers an additional layer of security with optional data encryption at rest, enhancing the protection of your forms and customer privacy. This feature, along with 256-bit SSL encryption, stores data and private keys securely on AWS servers, accessible only by authorized personnel. Available for Diamond and Enterprise plans.

Antispam Protection

123FormBuilder ensures robust antispam protection with options like Smart CAPTCHA and reCAPTCHA, preventing fake submissions and ensuring accurate data collection. Gain more control over form data quality by limiting submissions based on IP addresses, URLs, countries, and adding password protection. Additionally, easily enable or disable forms as needed.

Data Retention, Backup & Recovery

123FormBuilder ensures daily real-time data backups stored securely on AWS for 30 days. If deleted, your data is promptly removed from our system, emphasizing ownership. Accidentally deleted data can be recovered within 30 days upon request. Additionally, we offer form transfers between accounts and CSV file recovery for any owned form.

Authentication Security

Automatic Session Timeout

123FormBuilder performs daily, real-time data backups, so your form data is securely replicated and stored on AWS. We keep your data for 30 days. If you choose to delete it, we’ll no longer store it in our system. Your data belongs to you, and only you. But, if you delete any data by accident, upon request, we can recover it for you within 30 days. At your request, we can also transfer forms from one account to another and recover any CSV file of any form you own.

User Multi-Factor Authentication

Add the Multifactor Authentication (MFA) as an additional step to your login process to double-check the user’s identity, minimizing the risk of identity theft and ensuring only authorized access.

Password Protection

With a robust password policy in place, 123FormBuilder requires all users to create a strong password that needs to check a series of requirements before being accepted. If you have a HIPAA account, you need to change your password every 90 days. And while this is a requirement for HIPAA accounts, we recommend to all of our clients to change their password every 90 days for extra protection.

To prevent any hacking attempts or brute force attacks, the system allows five login attempts before locking the user out until further notice from 123FormBuilder’s team, which is immediately notified.

image showing authentication security steps

Advanced Security Protocols

Data Residency in the US and Europe

123FormBuilder is hosted on AWS (Amazon Web Services) with data centers across the US (North Virginia) and EU (Frankfurt), ensuring the platform’s geographical redundancy. By relying on AWS’s strict security protocols, we store your data on highly guarded servers while complying with the local laws and regulations to ensure complete protection of your data privacy. For example, if your data resides in the EU, you’ll find that we are also fully GPDR compliant.

Based on your location or preference (for our Enterprise plans), you can choose where you want to store your data. And it will never leave the EU or US without your permission.

Daily scans, AES encryption, and thorough 24/7 monitoring for potential threats and unauthorized activities are just some of the measures that keep all data encrypted and protected in multiple AWS data centers across the world.

SSO (Single Sign-On)

The Single Sign-On (SSO) option streamlines your 123FormBuilder login using a single set of credentials. We integrate with major OpenID Connect and SAML identity providers, such as Microsoft Azure and Google.

SSO simplifies user interactions with your forms, eliminating multiple logins and enhancing security. With precise access controls, you stay informed about form data interactions. This singular access point improves customer experience, boosts security, and reduces IT costs. SSO is exclusively available in our Enterprise plans.

Custom Roles & Permissions

In 123FormBuilder Enterprise, customize user roles and permissions to encourage collaboration while maintaining form security. Define roles with specific access levels for forms, folders, and users. Easily manage access by granting, restricting, or revoking permissions. Admin users have full access, including creating users and granting detailed permissions. Standard users can view, edit, or create forms without configuring account settings or managing other users.

Audit Trail

123FormBuilder provides a comprehensive audit trail for your account and forms, offering control over every activity. Monitor events like logins, form deletions, field edits, new user additions, and submissions. Track activities per user, form, and the entire account.

For HIPAA compliance, this tamper-proof log is crucial. Easily identify actions such as user logins, accessed data, and form edits. The automatic activity log enhances security, ensuring traceability and transparency for your system. Access your data anytime for complete peace of mind.

SLA (Service Level Agreement)

123FormBuilder offers SLAs to Enterprise customers. We’re keeping our system up and running with a guaranteed uptime of 99,99% while you count on a reliable tool with uninterrupted work. Along with the guaranteed software uptime, we’re committed to ensuring that we deliver on the response times, support availability, and the high-quality service requirements agreed upon in your SLA. You can always check 123FormBuilder’s operational status at this link.

Security Audits

We conduct periodic audits on our infrastructure through vulnerability scans and Pen Tests (performed by an authorized third-party security vendor) to evaluate our system’s integrity. Our team promptly fixes any discovered vulnerability, providing you with the highest security standards at all levels.

Employee Security & Training

All 123FormBuilder employees go through mandatory security training specific to their role. They learn about the company’s security policies, our compliance regulations (HIPAA, GDPR, etc.), data privacy best practices, how to spot and report security threats and vulnerabilities, and much more. We train our employees regularly, so every team member is aware of the latest security measures, building a strong security culture in our organization.

Additionally, we use Single Sign-On to login into all 123FormBuilder tools and rely on Multifactor Authentication (MFA) as an extra security protocol that ensures our platform’s protection against cyber-attacks and other threats.

Email authentication (SPF and DKIM)

Sender Policy Framework (SPF) and Domain Keys Identified Mail(DKIM) are fundamental components of email authentication and help protect email senders and recipients from spam, spoofing, and phishing.
SPF enables email senders to specify which IP addresses are allowed to send mail for a specific domain. DKIM offers the encryption key and digital signature to confirm that an email message was not falsified or changed.
We’ve included them as add-ons in our Enterprise plans, to ensure stellar user experience and brand reputation, in addition to safeguarding your company.

Frequently asked questions

How do you prevent XSS and SQL injections?

Do you have SOC 2 Type certification?

Do you have PCI compliance?

How do you handle DOS & DDOS attacks on the forms & platform?

Can you ensure a secure SSL connection?

What are some of the security standards and protocols you rely on?

Is Single Sign-On (SSO) an option?

Are you protected against SQL injection & cross-site scripting?

How do employees access the company systems?

Want more details?
We’d love to show you what 123FormBuilder can do for you.

Get in touch