The security of the doForms platform is based on (i) data transmission encryption, and (ii) Google’s Cloud Platform (GCP) infrastructure and security. This includes the Google App Engine (GAE), Google datastore, Google Cloud logging, Google security services, Google network infrastructure, and Google data center. Our Google data center is located in Council Bluffs, Iowa USA. This is a tier 1 ISO 22301:2019 certified facility with 6 layers of security.

Data transmission between your mobile devices and the doForms website is encrypted in transit using Secure Socket Layer (SSL)/ Transport Layer Security (TLS 1.2 or higher), depending on your browser’s settings. This protects your data while traveling over the airwaves or internet. If you are accessing doForms via your browser, please be sure to use the encrypted connection using https://mydoforms.appspot.com/login. All data stored in the doForms cloud (GCP) is FIPS 140-2 verified encrypted at rest.

You can also have peace of mind knowing that your data and forms are hosted on Google’s Cloud Platform infrastructure. The Google Cloud Platform has successfully undergone annual SAS 70 Type II audits which have evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. Additional certifications and compliances include CSA-STAR, FedRAMP, FISMA, PCI-DSS, ISO 27001:2022, ISO 27017:2015, ISO 27018:2019, ISO 27701:2019, HIPAA and many more. doForms has a signed business associate’s agreement (BAA) with Google.

Third party audits are only part of the security and compliance benefits of Google Cloud Platform products. Google protects our customers’ data by employing some of the foremost security experts, by executing rigorous safety processes, and by implementing cutting-edge technology. For more information visit the Google Apps Trust page.

Source: https://cloud.googleblog.com/2011/08/security-first-google-apps-and-google.html