Paperform follows industry best standards to keep your information safe, including SOC 2 and GDPR compliances. Please visit our Trust Centre at https://paperform.co/trust/ for more information.

Ongoing security is your responsibility

While Paperform systems are secure, the data you capture is only as safe as you handle it. Customers are responsible for the ongoing security and compliance of any data that is captured by their forms through Paperform services.

This may include opting to not use certain functionality like email summaries, or configuring additional security settings like bringing your own S3 bucket to enable private file uploads.

File uploads

Files uploaded by respondents, and files generated during submission such as Custom PDFs, are stored privately by default and are only accessible via secure, signed URLs.

Once generated, these URLs can be opened by anyone with the link for 7 days. After 7 days, only logged-in users in your Paperform team with access to the file can open or download it, unless the team owner has enabled public file access.

Customers with specific storage, compliance, or infrastructure requirements can use their own Amazon S3 bucket to store uploaded files. This may impact the expected behavior of other features like accessing files via email, submission exports or integrations with third parties. To configure bring-your-own (BYO) S3, see more here.