Security of your personal and business data provided to Mailform is of the utmost importance. We host Mailform on using secure infrastructure services from a number of providers, including Heroku, Google Cloud and Linode.
Mailform allows authentication using:
For all these authentication methods, no password information is requested, required or stored.
Mailform also supports authentication with an email address and a password: in this case the password is securely hashed with bcrypt.
Mailform offers support for teams: the team owner(s) can invite additional members of their team and permit those members to purchase services from Mailform without granting them access to payment information.
Mailform's production systems are managed infrastructure services provided and secured by Heroku, Linode and Google Cloud.
All network traffic is encrypted in transit using industry standard HTTPS security, with certificates provided by LetsEncrypt.
All employee access to critical infrastructure requires two-factor authentication.
All customer data stored in Mailform's databases and on disk are encrypted at rest.
Mailform uses web application firewalls and rate limiting to protect our systems from errors and attacks.
Mailform accepts payments using Stripe and Paypal: we do not store any credit card information in our systems.
Access to the Mailform API endpoints requires a security access token that can be managed by customers: existing tokens can be deleted and new tokens generated on demand.
All other integrations are on demand and access tokens for those integrations can be deleted on demand.
If you believe you've identified a potential security vulnerability on Mailform or with one of the services we use, please report it to us right away. We will evaluate all legitimate reports as soon as possible and try to fix any problems quickly.
Please send any reports to firstname.lastname@example.org: we will get back to you as soon as possible. We would be grateful if you:
While researching, we'd respectfully ask that you don't:
In addition, our security policy considers the following to be out of scope:
Mailform would like to thank the following security researchers for working with us to provide secure products and protect our customers' information.