Security @ Mailform

The security of the personal and business data you provide to Mailform is of the utmost importance. We host Mailform using secure infrastructure services from a number of providers, including Heroku, Google Cloud and Linode.

Product Security

Authentication

Mailform allows authentication using:

For all these authentication methods, no password information is requested, required or stored.

Mailform also supports authentication with an email address and a password: in this case the password is securely hashed with bcrypt.

Permissions

Mailform offers support for teams: the team owner(s) can invite additional members of their team and permit those members to purchase services from Mailform without granting them access to payment information.

Operational Security

Mailform's production systems are managed infrastructure services provided and secured by Heroku, Linode and Google Cloud.

All network traffic is encrypted in transit using industry-standard HTTPS security, with certificates provided by Let's Encrypt.

All employee access to critical infrastructure requires two-factor authentication.

Data Security

All customer data stored in Mailform's databases and on disk are encrypted at rest.

Network Security

Mailform uses web application firewalls and rate limiting to protect our systems from errors and attacks.

Customer Financial Information

Mailform accepts payments using Stripe and PayPal: we do not store any credit card information in our systems.

API and Integrations

Access to the Mailform API endpoints requires a security access token that can be managed by customers: existing tokens can be deleted and new tokens generated on demand.

All other integrations are on demand and access tokens for those integrations can be deleted on demand.

Vulnerability Reporting

If you believe you've identified a potential security vulnerability on Mailform or with one of the services we use, please report it to us right away. We will evaluate all legitimate reports as soon as possible and try to fix any problems quickly.

More Information

Please send any reports to security@mailform.io: we will get back to you as soon as possible. We would be grateful if you:

Exclusions

While researching, we'd respectfully ask that you don't:

In addition, our security policy considers the following to be out of scope:

Acknowledgements

Mailform would like to thank the following security researchers for working with us to provide secure products and protect our customers' information.

2020


Jagadeesh V

https://linkedin.com/in/jagadeesh-jd-79308b93

2019


Mohamed Saqib C

https://www.linkedin.com/in/mohamed-saqib

Abin Joseph

https://www.facebook.com/hacker.abin1337

Pethuraj M

https://www.pethuraj.com, https://www.pethuraj.in

2018


Sumit Sahoo

https://www.sumitsahoo.com