Your Forms & Workflow data, including all responses to your forms, is securely stored in the cloud. We use web application firewalls, anti-malware solutions, and industry-standard access controls to secure your data.
Data from users in Australia, New Zealand, and other countries in the Asia-Pacific region is stored within Australia. Data from users in all other countries is stored within the USA. This is to help comply with data sovereignty requirements for our Government clients.
Please note that this product is not fully compliant with any state or federal laws pertaining to the collection or storage of personally identifiable information (PII). However, there are ways to mitigate concerns about the security of personal information, including:
- Use workspaces and permission restrictions to control who has access to response data.
- Set up workflows so that only certain users can process and action responses that contain PII.
- Ensure that form responses are not sent via any email notifications, particularly any file uploads that may contain identification documents.
- Deactivate any API keys that are not in use.
You can find much more detailed information about privacy and data security in the Granicus Trust Center, where you can also find the Granicus Privacy Policy. You can also contact our support team by emailing support@granicus.com for a more detailed breakdown of Forms & Workflow security.
How We Treat Payment Data
If you're taking Payment Gateway payments through your forms, it's important to know how we treat transaction data.
Forms & Workflow (Granicus), as a PCI Security Council defined Service Provider, understands its obligation to comply with the Payment Card Industry Data Security Standard (“PCI DSS”) and any amendments thereto.
Granicus acknowledges that it is responsible for securing customer cardholder data that it may transmit, store, or process on its systems or to the extent that Granicus could impact the security of our customer’s cardholder data environment.
Submit a ticket in our support portal if you require a copy of Granicus' Attestation of Compliance document for your PCI DSS records.
What Next?