Powerful Enterprise-level Security for Every Form

Discover 123FormBuilder’s advanced security measures and protocols that protect the privacy and integrity of your form data.

hipaa verified seal
gdpr logo
iso 9001
iso 27001
ccpa compliant
coppa compliant

Compliances & Certifications

Certified HIPAA Compliance

123FormBuilder is certified HIPAA compliant, giving healthcare providers the ability to safely collect patient health information and build secure medical workflows with HIPAA-compliant online forms. We adhere to all mandatory standards and policies required by HIPAA regulations, and we have implemented physical, technical, and administrative safeguards to give our clients peace of mind. We also offer a BAA (Business Associate Agreement) guaranteeing full protection of PHI (Protected Health Information). Learn more.

GDPR Compliance

123FormBuilder is fully GDPR compliant. The General Data Protection Regulation is the European Union’s law on data privacy and security, which regulates how businesses in the EU and outside of it collect and handle the personal data of EU individuals. By complying with GDPR’s regulations, we’re taking all the technical and organizational security measures to maintain the safety, privacy, and integrity of any data collected and processed through our forms. Learn more.

ISO 27001 Certification

123FormBuilder holds the ISO 27001 Certification issued by the International Organization for Standardization, based in Geneva, Switzerland. Being ISO 27001 certified means that our company adopted an Information Security Management System (ISMS) that helps us follow the best practices when it comes to protecting confidential information, minimizing the risks of cyber attacks, or preventing information security threats.

ISO 9001 Certification

123FormBuilder is also ISO 9001 certified. We adhere to quality management system (QMS) standards that reinforce our commitment to continuously improve our products & services, put our customers first, and comply with regulatory requirements.

CCPA Compliance

123FormBuilder complies with the California Consumer Privacy Act (CCPA), which gives California residents the right to choose how businesses handle and process their personal data.

COPPA Compliance

123FormBuilder works in compliance with the Children’s Online Privacy Protection Act (COPPA), which aims to protect and maintain children’s data privacy and security under the age of 13. Some of the COPPA guidelines include collecting verifiable parental consent before collecting kids’ personal data or sharing a straightforward privacy policy on the topic.

Built-in Security

256-bit SSL Encryption

All data that passes through your forms is encrypted using a 256-bit SSL connection. The 256-bit AES encryption (Advanced Encryption Standard) is the strongest encryption standard that ensures the security of your data at rest and in transit. Each of 123FormBuilder’s forms uses an “HTTPS://” address, which helps you protect your data against phishing, hacking, or skimming attempts and reassures users that every bit of information they share is transferred and stored securely.

Data & Form Encryption

Along with the 256-bit SSL encryption, you can choose to encrypt your data at rest on 123FormBuilder. By turning on data encryption, you add a second layer of security to your forms and submissions that protects your data and your customer’s privacy. The data and your private key are stored on our AWS servers, and only authorized personnel can access them. Data encryption is available for the Professional and Enterprise plans.

Antispam Protection

123FormBuilder has multiple antispam protection measures so that no spam gets through. Prevent fake submissions and ensure accurate data collection by including an extra security step. Add one of the two CAPTCHA authentication options to your forms, Smart CAPTCHA or reCAPTCHA, and filter the bots on your form submissions.

For more control over the quality of your form data, you can also limit or even restrict specific submissions. To keep spammers away from your forms, you can:

  • limit the number of submissions you receive from an IP address;
  • limit submissions from the same URL;
  • accept or reject submissions from certain countries;
  • add a password to your forms;
  • enable or disable the form at any time.

Data Retention, Backup & Recovery

123FormBuilder performs daily, real-time data backups, so your form data is securely replicated and stored on AWS. We keep your data for 30 days. If you choose to delete it, we’ll no longer store it in our system. Your data belongs to you, and only you. But, if you delete any data by accident, upon request, we can recover it for you within 30 days. At your request, we can also transfer forms from one account to another and recover any CSV file of any form you own.

Authentication Security

Automatic Session Timeout

123FormBuilder performs daily, real-time data backups, so your form data is securely replicated and stored on AWS. We keep your data for 30 days. If you choose to delete it, we’ll no longer store it in our system. Your data belongs to you, and only you. But, if you delete any data by accident, upon request, we can recover it for you within 30 days. At your request, we can also transfer forms from one account to another and recover any CSV file of any form you own.

User Multi-Factor Authentication

Add the Multifactor Authentication (MFA) as an additional step to your login process to double-check the user’s identity, minimizing the risk of identity theft and ensuring only authorized access.

Password Protection

With a robust password policy in place, 123FormBuilder requires all users to create a strong password that needs to check a series of requirements before being accepted. If you have a HIPAA account, you need to change your password every 90 days. And while this is a requirement for HIPAA accounts, we recommend to all of our clients to change their password every 90 days for extra protection.

To prevent any hacking attempts or brute force attacks, the system allows five login attempts before locking the user out until further notice from 123FormBuilder’s team, which is immediately notified.

Advanced Security Protocols

Data Residency in the US and Europe

123FormBuilder is hosted on AWS (Amazon Web Services) with data centers across the US (North Virginia) and EU (Frankfurt), ensuring the platform’s geographical redundancy. By relying on AWS’s strict security protocols, we store your data on highly guarded servers while complying with the local laws and regulations to ensure complete protection of your data privacy. For example, if your data resides in the EU, you’ll find that we are also fully GPDR compliant.

Based on your location or preference (for our Enterprise plans), you can choose where you want to store your data. And it will never leave the EU or US without your permission.

Daily scans, AES encryption, and thorough 24/7 monitoring for potential threats and unauthorized activities are just some of the measures that keep all data encrypted and protected in multiple AWS data centers across the world.

SSO (Single Sign-On)

The Single Sign-On option allows you to login into your 123FormBuilder account with only one set of credentials. 123FormBuilder works with two of the biggest and most trusted OpenID Connect and SAML identity providers, Microsoft Azure and Google.

SSO authentication simplifies how users log in, view, submit and edit your forms. There’s no need for multiple steps or to remember multiple passwords, and you have accurate data over who accessed your forms. You can set specific permissions to always be on top of your form data. A single point of access improves customer experience, enhances security capabilities, and decreases IT costs. SSO is available for the Enterprise plans.

Custom Roles & Permissions

In 123FormBuilder Enterprise, you can define user roles and customize permission settings. While you want to encourage collaboration across teams, you also want to secure your forms by sharing them with the right people in specific roles or departments. Each user role you define holds a particular level of access to your forms, folders, and other users.

The platform allows you to easily grant, restrict, or revoke access to a form, ensuring that your data is in safe hands at all times. For example, Admin users can access all forms and folders, create new users and grant granular permissions. On the other hand, a standard user will be able to either view, edit, or create a new form without having the right to configure the account settings or manage other users.

Audit Trail

123FormBuilder offers a complete audit trail of all the activity on your account and within your forms. It gives you more control over your forms and your data as you can check any event: account logins, deleted forms, edited fields, new users added, or form submissions. You can track any activity per user, per form, and per entire account.

If you’re HIPAA compliant, an audit trail is essential to you, as you need to identify and review actions such as who logged in to your account, what data did the user access, or when specific form edits have been made.

The tamper-proof activity log is running automatically on 123FormBuilder. You can access your data at any time, strengthening your system’s security and ensuring full traceability and transparency.

SLA (Service Level Agreement)

123FormBuilder offers SLAs to Enterprise customers. We’re keeping our system up and running with a guaranteed uptime of 99,99% while you count on a reliable tool with uninterrupted work. Along with the guaranteed software uptime, we’re committed to ensuring that we deliver on the response times, support availability, and the high-quality service requirements agreed upon in your SLA. You can always check 123FormBuilder’s operational status at this link.

Security Audits

We conduct periodic audits on our infrastructure through vulnerability scans and Pen Tests (performed by an authorized third-party security vendor) to evaluate our system’s integrity. Our team promptly fixes any discovered vulnerability, providing you with the highest security standards at all levels.

Employee Security & Training

All 123FormBuilder employees go through mandatory security training specific to their role. They learn about the company’s security policies, our compliance regulations (HIPAA, GDPR, etc.), data privacy best practices, how to spot and report security threats and vulnerabilities, and much more. We train our employees regularly, so every team member is aware of the latest security measures, building a strong security culture in our organization.

Additionally, we use Single Sign-On to login into all 123FormBuilder tools and rely on Multifactor Authentication (MFA) as an extra security protocol that ensures our platform’s protection against cyber-attacks and other threats.

Want more details?
We’d love to show you what 123FormBuilder can do for you.

Frequently Asked Questions

How do you prevent XSS and SQL injections?

All our servers have DDOS protection enabled and use AWS WAF service for analyzing and filtering incoming traffic. The WAF is auto-scalable, and at the moment, rules are configured to protect against SQL injections and rate limit rules to protect specific endpoints (e.g., login) against brute force attacks.

Do you have SOC 2 Type certification?

Yes, our hosting provider (Amazon Web Service) is SOC 2 Type 1 compliant. We do not hold the SOC 2 Type 2 compliance yet.

Do you have PCI compliance?

Yes. The first step in our collaboration is to determine your specific needs and accommodate your change requests in the contract. Please, contact our Sales team to find out more details and talk about your particular requirements.We are not PCI compliant. 123FormBuilder does not collect, transfer, or store user data related to payment transactions. All credit card information and payment data are processed solely on the payment provider’s servers. We work with PCI-compliant payment processing platforms, such as PayPal, Stripe, and Authorize.net.Yes. The first step in our collaboration is to determine your specific needs and accommodate your change requests in the contract. Please, contact our Sales team to find out more details and talk about your particular requirements.

How do you handle DOS & DDOS attacks on the forms & platform?

Our platform is hosted on AWS; therefore, all DOS and DDOS attacks are handled by AWS. All our servers have DDOS protection enabled, and we use the AWS WAF service to analyze and filter all incoming traffic. Our Cloud infrastructure is configured to autoscale and handle high traffic load.

What are some of the security standards and protocols you rely on?

We use the TLSv1.2 protocol and the ECDHE-RSA-AES128-GCM-SHA256 security cipher.