Enterprise-Grade Security

Best-in-class data security and access controls

Customer trust and data security are critical to everything we do. Pro-Forms follows security and privacy best practices to ensure customer data is safeguarded.

Supporting teams at

Compliance

Strong Regulatory Compliance

  • Audited and certified as SOC 2 compliant
  • Pro-Forms is GDPR compliant and provides an endpoint to purge user data
  • Pro-Forms is HIPAA compliant
  • Pro-Forms is CCPA compliant

Strong regulatory compliance

Pro-Forms' security policies and protocols meet the standards for certification required to comply with major privacy-focused legislation.

Infrastructure security

We take steps to ensure that the infrastructure you're entrusting your forms to is secure and scalable.

  • Private endpoints enforced across system infrastructure
  • IP whitelisting and private VPC enforced
  • Regular penetration testing is performed

Detailed reports available

If you'd like to dig into the details of Pro-Forms' certifications, contact support@pro-forms.io.

Security

Product and Data Security

Customizable data compliance

Pro-Forms offers flexible options for you to choose from when setting up your data storage and processing.

  • Host and process your form data in all major regions of the world, including the US, EU, Canada, Australia, and more.
  • You can configure Pro-Forms to automatically discard your user data after a certain period of time.

Bank-level encryption

Secure your data with the same encryption that banks use and ensure that no unauthorized parties can view sensitive information.

  • Data at rest is secured using bank level AES-256 bit encryption.
  • All data in transit is encrypted using TLS/SSL.
  • We've received a score of "A" from Qualys SSL Labs.

Account security

Pro-Forms supports Single sign-on (SSO) so you can decrease attack surface and monitor login activity.

  • Support for all SSO options, including Microsoft, Google, Okta, OneLogin, and much more.
  • Audit logs for account activity and multi factor authentication can be enforced system wide.

Identity and access management

Create granular permissions that dictate who can access and work with your forms and data.

  • Support for role-based permissions, custom permission profiles, and user groups.
  • Support for workspaces and enterprise-scale organization.
  • Logs can be deleted on request
Team Security

Internal Security Best Practices

  • Personnel undergo security awareness training
  • Compliance mandated for all employees with Information Security Policy, HIPAA Policy, Data Disposal Policy, Business Continuity and Disaster Recovery Plan, Encryption Policy, and more.
  • Internal SSO and multi-factor authentication required for all Pro-Forms employees and consultants

Detailed awareness training

All Pro-Forms staff undergo detailed security awareness training — both when they join, and periodically to maintain compliance standards.

  • Personnel are restricted to minimum access necessary to complete business-related tasks.
  • Email phishing and HR security enforced across all company systems — only select trained personnel can access specific aspects of company systems at any given time

Internal access controls

To prevent internal vulnerabilities, Pro-Forms uses IP-based access to limit employee visibility into tools and resources.

Enterprise-grade security for all plans

Learn more about Pro-Forms' security practices

We're transforming the way data is collected and activated across the web.