Data protection and security

Privacy Policy

Please find general information about privacy protection in the Plumsail Forms Privacy Policy.

Application security

Plumsail Forms is hosted in Microsoft Azure. The infrastructure for databases and application servers is managed and maintained by Azure. All servers are located in North Europe.

We take your safety seriously, so everything from design to deployment is done according to the highest security standards. Our source code repositories are regularly scanned for security issues and our network is protected by a firewall.

We have a QA department that reviews and tests our code for any security vulnerabilities. We perform testing in an environment separate from production. We do not use customer data during testing.

Also, we are using IDS technologies to monitor our network for malicious activity or policy violations.

Data security

Plumsail Forms collects very little information about customers - only SharePoint Online domain name (for SharePoint License) and Plumsail Account email are required for license validation.

After installing Plumsail Forms, application logs from the system is the only data we gather from you.

The data submitted with Public Web Forms is by default stored in Microsoft Azure Storage (you can disable this option for any form), encrypted at REST. It’s not accessible until you log in to your Plumsail Account, even we don’t have access to the stored data. Attachments are always stored encrypted at REST, even if the rest of the form data is not stored. Attachments that are older than 30 days are automatically deleted. For the paid plans, the storage can be cleared at any point.

Whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS. Data at rest is encrypted using AES 256 bit standards (one of the strongest block ciphers available) with keys managed by Azure Storage Service Encryption. Data in transit is encrypted with SSL/TLS protocols.

Business transactions

We protect your billing information. All transactions are processed through secure encryption, and sensitive data are transmitted, stored, and processed on the PCI DSS network.

Physical security

Plumsail Forms hosts all internal data in Microsoft Azure which data centers have been tested for security, availability, and business continuity. For more information, take a look at this link. A disaster recovery program ensures that our services will be available or are easily recoverable in the case of any catastrophe.


Plumsail prioritizes customer trust. We know that customer data is important to our customers’ values and operations. That is why we keep it private and safe.

Review the Data Processing Agreement. It describes how we process data you send to us. The Data Processing Agreement is a part of the Master Service Agreement.

Compliance Certifications

Azure data center is certified for ISO 27001, SOC I, II AND III, HIPAA, and FedRAMP compliance. Visit Azure trust center.

Get in touch with us

If you have any questions about our security policy, please, feel free to drop a line at