You Own Your Data
Your organisation owns the form response data and file upload data. Snapforms will only access your data at your request. To protect your data from unauthorised access, we have logs with alerts set to notify us of suspicious activity.
You may download your information or delete your information from our system at any time.
Password & Authentication
Snapforms provides customers with the ability to create strong passwords that lockout the user after several failed attempts to log in, require a minimum of seven (7) characters and contain letters, numbers, or symbols.
We provide customers with the option to enable multi-factor authentication for additional security.
Snapforms is hosted on Amazon Web Services (AWS) infrastructure located in Australia. We have made a strategic choice to use the world’s leading cloud IT infrastructure provider who provides a high performing, robust and secure infrastructure set to meet the needs of our users.
Amazon maintains several compliance certifications including ISO 27001, SOC1, SOC2, SOC3, PCI DSS, IRAP, ISO 9001, CSA, ICO 27017, ISO 27018.
Data is encrypted at rest. All submission data is disk encrypted under AES-256.
Our network security helps protect your data against the most sophisticated electronic attacks. For security reasons, an intentionally general summary of our network security practices includes TLS encrypted communication, intrusion detection/prevention systems, control & audit and virus scanning.
SSL Data in Transit. Data in transit is protected by TLS 1.2 to provide end-to-end communication security.
We employ only best practice coding and have constructed Snapforms so that every account is isolated. We have safeguards in place to detect common attacks such as SQL injection, cross-site scripting, cross site request forgery and more.
We engage third parties to perform regular audits and penetration testing against our applications.
Redundancy and Business Continuity
We have designed our systems and infrastructure with high availability and redundancy in mind. This includes backup, mitigation and handling in case of server failure, power failure, fire or other disaster.