FAQS

Any kind of custom web form; the options are virtually unlimited. For instance, you can build survey questionnaires with complex branching logic, polls, quizzes, multi-page data entry forms, multi-step form workflows, client feedback forms, simple contact forms, web order forms, online registration forms, and more.

Plug your forms into powerful workflows with email notifications. Create approval hierarchies with conditional paths, add e-signature, create documents, build a portal, and more.

Forms asking for login credentials, with sensitive fields not marked as sensitive, or Social Security, Passport, or Bank Account Numbers will be automatically disabled for manual review. You will need to contact us and go through a review process to ensure that the use of the form is legitimate and appropriate. Learn more about our moderation practices.

FormAssembly is the only online form builder that operates on an unlimited model. Unlimited forms and unlimited submissions with the most secure data collection platform on the market – it’s hard to beat. In fact, no one comes close.

Yes, but the form fields that collect credit card information (credit card number and CVV code) must have the Sensitive Data settings enabled, and you must use an approved payment connector, such as PayPal or Stripe. Note: Cardholder data is not stored on our servers.

It’s easy to add payment fields to your forms with Predefined Content.

Not at all. Our online form builder is designed to be easily accessible to anyone, regardless of your technical skill set. You can create and publish HTML web forms without any coding knowledge.

Technically, yes, but you’ll probably never reach it. Users have created forms that contain hundreds of fields without any problems. Also, FormAssembly allows you to create unlimited forms and collect unlimited responses.

Yes, you can easily embed forms to your website by pasting the provided HTML code, or by using one of our other advanced publishing methods.

Yes, we’ll host the form for you. The web address will look like this: https://www.tfaforms.com/12345 (where 12345 is a unique identifier for your form).

*The Payment Connector Add-on is required to enable any payment integration.

Your data is safely stored in AWS-hosted datacenters. You can export it at any time, or browse through it using our web interface.

Yes, you can receive a customized email notification each time a response is submitted.

Yes, we can send a customized email to that person on your behalf.

Yes. The total upload size cannot exceed 35MB per submitted response, and there is a limit of 20 file upload fields per form.

Yes, as long as you use one of our integrated payment solutions, such as Stripe, PayPal, or Authorize.Net.

Yes, if you’re on Essentials, Team, or Enterprise plans respondents can easily sign forms with the e-signature feature.

Our service is designed to work with forms created with our online Form Builder, but you’re free to further customize the form’s HTML.

We do not claim any ownership on your data. We act as a facilitator only. We will never share or sell your data to any third party.

Yes, FormAssembly is GDPR compliant.

Yes, FormAssembly is compliant with this e-signature regulation.

Yes, FormAssembly is CCPA certified.

Yes, FormAssembly is SOC 2 Type II compliant.

Yes, FormAssembly is compliant with ISO 27001 on all plan levels with the exception of Basic.

Yes, FormAssembly is HIPAA compliant on our enterprise-level plans.

Yes, FormAssembly is GLBA compliant on our enterprise-level plans.

Yes, all plans are PCI DSS Level 1 certified. Learn more about our security and encryption practices.

Yes! You can access that PDF here: PCI Compliance Summary.

Yes, we’re in compliance with the Privacy Act 1988, including the 13 Australian Privacy Principles. FormAssembly’s E-Signature feature is also compliant with the Australian Electronic Transactions Act.

Yes, FormAssembly has an established Incident Response Plan based on NIST guidelines. It activates in the event of a Security breach. If an incident does occur, a member of our team will notify you immediately if your data is impacted in any way.

Yes, all FormAssembly plans are FERPA compliant.

In addition to the above, we are also compliant with NIST, ISO, and CIS guidelines.

To get real-time and historical data on our uptime, please visit our service status site. For Basic accounts we’re currently maintaining a 99.99% uptime, and we provide a 99.9% SLA for Enterprise plan accounts.

Yes, backups are done hourly, daily, weekly, monthly, 6-monthly, and yearly. We use a reputable and reliable hosting provider (Amazon Web Services [AWS]) and state-of-the-art data centers.

Your data will remain available for as long as you have an active account with us. Your data is taken offline once you delete your account, but it may remain stored in backups for up to two years. Customers on our Team and Enterprise plans may ask for a custom retention policy.

An IT security incident is considered to be an event that has compromised or is likely to compromise the confidentiality, integrity, or availability of information belonging to FormAssembly or a FormAssembly customer. Information is considered to be anything that is processed, stored, or transmitted through our systems.

An IT security incident can occur for numerous reasons:

• A threat actor bypassed a security feature to acquire sensitive information
• An insider threat occurred
• A security mechanism failed
• A phishing attempt was successful
• A mistake in elevating role-based access was made

If you know or suspect that an incident has transpired contact [email protected] or [email protected] immediately.

Yes, FormAssembly forms made with our online form builder are designed to be accessible with assistive technology, so anyone can use your web forms. See our Compliance Statement and Voluntary Product Accessibility Template for more details.

FormAssembly delivers web forms localized in over 40 languages. This means that the form and any text (such as validation error messages) that may appear while your visitors are filling out the form will be displayed in your native language.

For the complete list of supported languages, visit our localization page.

Yes, you can help us by providing a translation.

Yes, all data is processed and stored in the Unicode format (UTF-8).