Articles on: Security & Privacy

Data handling and privacy in FormStatus

FormStatus is designed with security and data privacy at its core. This article outlines how we collect, process, and protect the data used during your form testing workflows.


Data Collection & Minimization

** **

Only what’s needed

FormStatus collects only the data required to execute, validate, and debug form submissions. This includes:

  • Form field names and input values (either your provided overrides or generated defaults)
  • Response codes and validation errors
  • Screenshots and HTML snapshots
  • Console logs from the browser session


We do not collect or store unrelated user data or analytics.


**

Test Submissions

**

Simulated or real, but not stored

FormStatus can simulate or send real submissions to your forms during testing. Regardless of method:

  • These test submissions are temporary and not stored in live form processing systems.
  • They are only used for validation purposes and test diagnostics.


Tenant isolation

Each customer’s data is logically separated in a dedicated schema within our secure multi-tenant database. Your:

  • Form URLs
  • Testing configurations
  • Test results


...are only accessible to your account and are completely isolated from other tenants.


Encryption & Access Controls


Secure transmission & storage

  • All test data is encrypted in transit using TLS 1.2+
  • Data is encrypted **at rest **with AES-256


Authenticated access only

Only users logged into your FormStatus account can:

  • Access test data
  • Run tests
  • View historical results


On-demand deletion

You can permanently delete:

  • Individual test records
  • Entire form histories


Deleted data is immediately removed from live storage.



Email Privacy (Email Check Mode)


Dedicated secure Inboxes

When Email Check is enabled:

  • Submissions are sent to secure, dedicated test inboxes
  • Access is restricted with strict controls


Metadata-first validation

We validate delivery using only essential metadata:

  • SMTP response codes
  • Email headers (From, To, Subject, Date)
  • Bounce notifications


We do not store full email content by default.



What test data is stored?


Logs & snapshots

  • Screenshots (PNG) before and after submission
  • HTML snapshots of the DOM for debugging
  • Browser console logs (JavaScript warnings and errors)


Structured results

  • Field-by-field pass/fail statuses
  • Validation and SSL error messages
  • Email check metadata (no full content)



Storage Architecture

  • Object storage for binary data (screenshots, HTML) — encrypted and write-once
  • Relational storage for structured data — tenant-separated with row-level security



If you have questions about how your data is handled or need assistance with data deletion, contact support.


Updated on: 15/05/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!