Salesforce for Formstack consists of two main components: a form builder app hosted entirely on Salesforce servers, and a form engine hosted on our own dedicated servers in the United States. The role of the form engine in the process is threefold:
- Process and display created forms on the web
- Collect, validate and encrypt submitted data
- Submit validated data to Salesforce
As part of the data validation process, the form engine will ensure that the data submitted into the form matches your Salesforce instance's object configuration, including field data formats, required fields, hidden values, etc. Only when it can ensure that the submitted data matches your Salesforce object configuration exactly will it attempt to submit the data into Salesforce. Once your information has been successfully submitted to Salesforce, it is immediately purged from our servers.
However, if there is any type of tampering done within the form, or if your Salesforce object configuration changes, this may result in your data not being successfully stored in Salesforce. As a result, there is the chance that unsuccessful form submission data will reside on our servers until the configuration issue is resolved within Salesforce and the form builder retries the form submission from within Salesforce.
Here are some ways that Salesforce ensures that we encrypt all customer data:
- We've implemented encryption in transmission and storage of data. All form submission data that is temporarily stored on our servers is encrypted using AES symmetric key encryption.
- All traffic to and from your Salesforce instance is transmitted using HTTPS with a CA-signed server certificate. This means that any data that is intercepted during transmission between our servers and Salesforce's servers is encrypted.
- For authentication with Salesforce, we use Salesforce's OAuth web server flow to authenticate all users. This ensures that we can access your Salesforce instance to push your data in without storing your Salesforce credentials.
- All submitted form data is stored securely on Salesforce for Formstack servers in the event of a failure to communicate with Salesforce.
- Forms built with Salesforce for Formstack feature the following anti-tampering mechanisms to ensure data integrity and security:
  - Only those fields added by Salesforce for Formstack will be recorded and stored into Salesforce.
  - Any data that does not conform to expected data formats and maximum lengths will be ignored, including:
    - E-mail address
    - Currency
    - Percentage
    - Numeric/decimal
    - URL
  - Any single or multi-select picklist selections that are not a valid value in Salesforce will be ignored.
  - All fields marked as hidden are excluded from rendered form HTML.
  - Sensitive Salesforce values are encrypted, including reference field IDs and your Salesforce organization ID.
  - Any file uploads that do not conform to the expected file formats requested in your form will be ignored.
  - Any file uploads exceeding the maximum number of uploads specified in your form are ignored.
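The server-side checks in the list above (field allowlist, format and length checks, picklist validation, hidden values kept out of the client's hands) can be combined as in the following added example, which is not the form engine's own code. The field names, length limits and regular expressions are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def _is_url(v):
    try:
        parts = urlsplit(v)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

# Format checks for the field types listed above; the patterns are assumptions.
FORMATS = {
    "email": lambda v: re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", v) is not None,
    "currency": lambda v: re.fullmatch(r"-?\d+(\.\d{1,2})?", v) is not None,
    "percent": lambda v: re.fullmatch(r"-?\d+(\.\d+)?", v) is not None,
    "number": lambda v: re.fullmatch(r"-?\d+(\.\d+)?", v) is not None,
    "url": _is_url,
}
# Constructed object configuration; field names and limits are hypothetical.
CONFIG = {
    "Email": {"type": "email", "max": 80},
    "Amount__c": {"type": "currency", "max": 18},
    "Website": {"type": "url", "max": 255},
    "Rating": {"type": "picklist", "values": {"Hot", "Warm", "Cold"}},
    "Interests__c": {"type": "multipicklist", "values": {"A", "B", "C"}},
    "LeadSource": {"hidden": "Web Form"},
}

def filter_submission(posted, config=CONFIG):
    """Return (accepted, ignored); hidden values come only from server config."""
    accepted = {n: s["hidden"] for n, s in config.items() if "hidden" in s}
    ignored = []
    for name, value in posted.items():
        spec = config.get(name)
        if spec is None or "hidden" in spec:
            ok = False  # unknown field, or a client-supplied hidden value
        elif spec["type"] == "multipicklist":
            picks = value if isinstance(value, list) else []
            value = [v for v in picks if isinstance(v, str) and v in spec["values"]]
            ok = bool(value)  # invalid selections are dropped, valid ones kept
        elif spec["type"] == "picklist":
            ok = isinstance(value, str) and value in spec["values"]
        else:
            ok = (isinstance(value, str) and len(value) <= spec["max"]
                  and FORMATS[spec["type"]](value))
        if ok:
            accepted[name] = value
        else:
            ignored.append(name)
    return accepted, ignored
```
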
Please contact us if you have more questions about our data policies.