Web Forms
- Secure your existing forms
- Add only a few of lines of code
- Use Ink Signatures and Spam protection
- Deliver/save your data where you need it
- Data protection: Save your data in multiple places
- Create PDFs from web form data
PDF forms
- Capture form data from PDFs
- Secure hosting for PDF forms
- Create PDFs from submitted data
- PDF template support
- Supply thank you/success PDFs to your users
FormBuilder
- Design your own web forms
- Securely hosted for you
- Drag-and-drop, responsive editor
- Use custom CSS and JavaScript
- Great for power users
- Discover: FormBuilder
Ink Signatures
- Replacement for "I agree" check boxes
- Write your name with a mouse, finger, or stylus
- More legally binding
- Signature captured as an image
- Discover: Ink Signatures
How can SecureForm Help You?
Thank you for your willingness to accommodate my client's specific needs. I appreciate the considerable effort you put into adding a feature to SecureForm that supports PDFs created with Adobe Acrobat Professional. I think it's a valuable enhancement to an already great service, and I genuinely appreciate your hard work. Thanks again to the LuxSci team for being so responsive!"
Rainer Freytag, Webmaster & Digital Artist, http://rainer.usHow SecureForm Works
1. SecureForm Setup
With FormBuilder, all you have to do is:
- Use our web interface to configure what happens to the data that is submitted via your form. There are a variety of options available, allowing you to totally customize how your forms behave and how the data is processed.
- Use Form Builder to visually create your form.
Otherwise, getting started with SecureForm is as easy as 1-2-3:
- You design your own web site forms and/or PDF forms.
- Use our web interface to configure what happens to the data that is submitted via your forms.
- Point your form to the web address that we provide to you.
That's it!
2. SecureForm Processing: End-user Perspective
Web Site Forms
If your form is setup as a web page on your site or created using FormBuilder:
- A user visits your web site and fills out your web form.
- When they have completed filling out the form, they press the "Submit" button.
- The data they entered is sent to LuxSci via the secure web address we provide to you.
- If the data is sent successfully, the visitor is redirected to a "Success" page on your web site.
- If the data could not be sent successfully, the visitor is redirected to a "Failure" page on your web site instead.
Note that this process is always the same regardless of where your web site is hosted. Also, unless your web form is misconfigured, the visitor will never be redirected from your web site and will always see your URLs in the address bar. With web site forms, the submission process to LuxSci's servers is always fully transparent to the user.
PDF Forms
If your form is in a PDF, the process is similar:
- The user opens your PDF file and fills out the form.
- When they have completed filling out the form, they press the "Submit" button.
- The data they entered is sent to LuxSci via the secure endpoint web address we provide to you. For PDFs, the user may be prompted to first confirm that they trust the address to where the form data is being sent.
- On success, the user is shown your custom "Success PDF".
- On failure, the user is shown your custom "Failure PDF".
3. Your SecureForm Results: Delivered
Choose your Integrations
Where would you like your data to be saved or sent?
 |
Database. Instead of a file, have your data uploaded directly to a MySQL database. Access that data online through our reporting tools. |
 |
Document Storage. Store your file in LuxSci Documents, part of our WebAidesTM collaboration suite. |
 |
Email. Send the form data and files to you via regular or secure email. Send to any email address/multiple email addresses. |
 |
FTP/SFTP Server. Have your data uploaded to any web server via FTP or SFTP. |
 |
Notice. Send a simple post notification via Email, SMS/text message, SecureChat. |
 |
SecureChat/Mediprocity. Send the form data and files directly to your mobile device or desktop using Mediprocity SecureChat service. |
 |
Dropbox. Send form data and files to your Dropbox account. |
 |
Slack. Send a custom data-laden message to any Slack channel. |
 |
Webhook. Send a to any third-party service that supports inbound JSON or URL-encoded Webhooks. |
Choose your Formats
What formats would you like your saved/sent data in? Some Integrations (e.g. WebHook) come with their own special data format customization options.
 |
Plain text. Receive your data as a raw text file. |
 |
Tabular HTML. A nicely formatted, two-column HTML view of the form fields and data. |
 |
XML Simple, automatically-created XML document. |
 |
PDF. Receive your data as a complete FDF or PDF file, or as a refilled PDF template file. |
 |
Text/HTML Template. Receive your data as a refilled template file in text, HTML, XML, or any other text-based file format. |
 |
CSV. Receive your data as a CSV (Comma Separated Values) file to be viewed in programs such as Microsoft Excel. |
Compare Plans
SecureForm services can also be an upgrade/add-on for customers with existing Email Hosting or Web Hosting accounts.
| Feature | Shared | Dedicated | Custom Enterprise |
|---|---|---|---|
Security & privacy |  |
|
|
For custom enterprise environments, you get to choose the security features that you want included. | |||
Performance & reliability | |
|
|
Shared secure-form processing uses our redundant, load-balanced array of SecureForm procssing servers; however,
your hosted databases and such are located on a shared server.
For dedicated servers, you get to size the server to match your performance requirements.
For custom enterprise environments, you get to choose the reliability features that you want included. | |||
HIPAA Compliance Available? |  |
|
|
HIPAA compliance is available for all SecureForm accounts except the 3-form shared options. | |||
FormBuilder | |
|
|
PDF Hosting | |
|
|
PDFs are hosted in Amazon AWS and are made available through Amazon CloudFront. | |||
PDF & HTML Templates | |
|
|
Ink Signatures | |
|
|
Secure Email via SecureLineTM | |
|
|
All Integrations | |
|
|
Location | USA | USA or Custom | Texas, USA |
LuxSci's services are provided on servers located in USA-based data centers (RackSpace or Amazon).
*Business Class dedicated servers can be provisioned in RackSpace and Amazon data centers around the world if requested by the customer. There may be an additional setup fee for a non-standard location. | |||
Multiple layers of firewalls | |
|
|
Enterprise class servers and Business Class servers at RackSpace enjoy software firewalls and redundant HA hardware firewalls. Business Class servers at Amazon enjoy software firewalls and AWS Security Group logical network firewalls. | |||
Backups included? | |
|
|
Standard backups of your server data are included.
These include 7 daily on-site backups and 4 weekly off-site backups. | |||
Full-disk Encryption | |
* |
|
*Business Class dedicated servers from RackSpace, used for large-scale emailing only have full disk encryption if requested by the customer. This will require ordering a separate disk. | |||
Dedicated SecureFormTM Processing? |  |
|
|
Dedicated SecureForm Processing requires a dedicated server with Private Labeling.
When ordering shared SecureForm services, SecureForms are processed through a shared Enterprise Class cluster and your data is saved on a shared Business Class or Enterprise Class server. Dedicated solutions are ideal for isolating both your data and the processing of your data from everyone else. Dedicated SecureForm Processing servers require servers with a minimum of 2 CPU cores and 4 GB of memory. | |||
Custom backup/retention Schedules? | |
|
|
Dedicated server customers can choose custom backup frequencies and retention schedules; this
may come with an additional cost. Contact sales for more information. | |||
Account isolation: No other LuxSci customers have access to your server. No shared servers. | |
|
|
In a shared solution, many 100s or 1000s of separate customers share the same server. Security replies on logical
and software partitioning of access and resources. Shared solutions are inherently less secure, have
less consistent performance, but are less expensive. Dedicated servers are recommended for when security and
consistent performance are important. | |||
Server isolation: All servers running on the same hardware belong to LuxSci. No public cloud servers. | |
|
|
In the Business Class environment, your server is in a Public Cloud. This means that other servers running
on the same underlying hardware (hypervisor) may be owned by organizations unrelated to LuxSci. This provides
some security risk compared to use of LuxSci's Private Cloud Enterprise Class environment,
where LuxSci owns the underlying hardware and is in control of all servers running on it.
Additionally, the Business Class environment may have less consistent
performance due to the possibility of "noisy neighbor" servers outside of LuxSci's control. | |||
Ultra-reliable: proof against hardware failure | |
|
|
Enterprise Class servers are virtual machines that run on a redundant VMWare cluster. If one of the underlying
hypervisors should have a hardware issue, all servers running on it are immediately rebooted on
another hypervisor, limiting potential downtime to seconds.
Choose Enterprise Class when server uptime is a very high priority. | |||
Multiple servers/server clusters | |
|
|
Private Label Branding | available | |
|
Private Label branding is optional on shared accounts. It starts at $25/mo. Private
Label branding is required for dedicated SecureForm processing servers and is thus included in the "Starting Price"
listed below. | |||
Maximum Post Size: | 50 MB | customizable | customizable |
On dedicated SecureForm processing servers, we can customize your maximum form post size limit. | |||
Starting Price | $50/mo | $150/mo | |
| Order | Contact | Contact | |
Custom Enterprise Solutions
Custom solutions can be tailored for very high numbers of forms or capacity, very high security, and business continuity. They can include:
- Redundant high-availability dedicated hardware firewalls
- Redundant high-availability dedicated load balancers
- Network-based intrusion detection systems
- DDOS Protection up to 100 Gbps
- Redundant, load-balanced SecureForm processing servers
- Redundant, load-balanced web hosting servers
- Replicated high-availability database servers
- System isolation and capacity scaling
- An additional disaster recovery footprint in a different data center
If a custom solution might be right for you, talk to a LuxSci Expert.
FAQs: Perhaps you were wondering...?
Yes. SecureForm integrates with any web or PDF form hosted anywhere. A few minutes is all that it takes to update an existing form to send its data to SecureForm for processing and delivery or storage.
No. You can keep your web site where it is and either integrate its existing forms with SecureForm, or link your site to forms saved in SecureForm FormBuilder.
SecureForm will transmit or save your form data in any combination of formats: plain text, two-column HTML, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and re-filled PDF templates (even with the data from web form submissions).
SecureForm can transmit or save your form data to many different locations (Integrations). See: "How SecureForm Works".
Yes. HIPAA customers get a trustmark that looks like this:
We do not make your forms. You or your web designer can modify your existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new forms. We do provide custom consulting services for form design. This is $250/hour.
We do not manage or migrate your forms. You or your web designer can migrate your existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new forms.
You don't need programming skills when using the SecureForm visual form builder or PDF forms. When designing or updating your existing/external web forms, you or your web designer will have to edit a couple of lines of HTML code to direct the form submissions to SecureForm; if a content management system such as Gravity Forms for Wordpress generates or dynamically manages your forms, then you may need a little coding to integrate SecureForm.
Pricing is based on the number of forms and number of submissions per day. See the Compare Plans. The tiers are:
- Starter: Up to 3 forms and up to 1,000 posts/day
- Professional: Up to 25 forms and up to 5,000 posts/day
- Enterprise: Up to 100 forms and up to 10,000 posts/day
For larger limits, please contact sales.
When using SecureForm, data transmits from the end-user's browser (or PDF) to LuxSci, encrypted using strong TLS ciphers. Once it arrives, what happens next depends on the integrations you configure; the security of the results is then, to a certain degree, your choice. For example:
- Encrypted Email: The data can be sent encrypted using PGP, S/MIME, Forced TLS, or via Escrow secure Web pickup.
- SecureChat: You can send form data to recipients securely using our SecureChat real-time communication and collaboration system. These messages are AES-256-encrypted at rest and encrypted via TLS during transmission.
- Secure FTP: You can upload data and files to your server using Secure FTP and a strong cipher like AES 256. Once the files are there, their security is up to you.
- MySQL Database: You can save your form data to a database and you have the option of having all files and data encrypted at rest with native AES encryption.
- WebAide File Storage: You can save your form data to our WebAide Documents collaborative online file storage system. You can choose to have this data be automatically and seamlessly PGP-encrypted.
- WebHook Integrations: Data can be translated securely (over TLS) to external services using WebHooks.
You do not need your own TLS certificate to use SecureForm; however, if you are hosting your forms on your own website, we do recommend that you secure that site with TLS to protect your form pages themselves from alteration/hacking before getting to your end users.
SecureForm includes detailed reports of all successful form posts, and of many kinds of post failures (including emailed alerts of important types of failures). If saving your data to a hosted database, SecureForm provides an audit trail of views and deletions (if such are permitted) of all rows of posted data accessed via our API or or Web-based Form Database viewer.
Yes. Users of your web-based forms can sign a written signature using their mouse, stylus, or finger, and it's possible to capture and deliver that signature along with your form post. The post can even auto-append to refilled PDF templates or inserted inline in refilled HTML templates. See Ink Signatures.
Yes. SecureForm has an API that allows listing, downloading, and optional deletion of SecureForm data stored to a hosted database.
Yes. You can order Private Labeling and then customize all URLs so that LuxSci's domain names are not visible anywhere. You will also need to buy your own TLS certificate or purchase one from LuxSci.
HIPAA-compliant Form
When operating your website or database, you need to ensure that all sensitive client or patient information is secure and protected from unapproved eyes. This means using secure web forms. Unsecured forms and legal documents can provide easy access for hackers to infiltrate and collect confidential information, which is why LuxSci developed a secure web form solution. LuxSci's SecureForm processing allows you to add and store HIPAA- (Health Insurance Portability and Accountability Act) compliant patient forms, tax documents, legal forms, etc., in order to ensure your online services stay protected and legal.
SecureForm seamlessly integrates with any of your company's current web or PDF forms. SecureForm is compatible with any CMS (including WordPress), as well as custom-coded pages made using PHP, .NET, and any other language. You can save your data in multiple formats: plain text, two-column html, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and refilled PDF templates (even with data from Web forms). Our SecureForm FormBuilder allows you to use our web interface to configure and customize your own forms without any coding knowledge. SecureForm ensures that your data remains protected during transmission, using TLS encryption, and at rest, using PGP and/or AES encryption. Note: if you are a LuxSci HIPAA customer, SecureForm automatically configures for your compliance.
Secure Digital Signature Forms
One of our exciting HIPAA-compliant SecureForm features is Ink Signatures. LuxSci's Ink Signatures are simple web-based agreement boxes that allow you to easily capture the authentic handwritten signatures of anyone filling out a SecureForm-enabled web form. There's no special software or technical knowledge required; you can sign with a mouse, a stylus, or a touchscreen. This user-friendly feature provides an easy way to establish signed agreements and is much easier to implement than standard digital signatures.
eBook: HIPAA-compliant Forms
A technical guide to securing web forms
Book 5 in the LuxSci Internet Security Series.
Created by Erik Kangas, PhD
Get the HIPAA eBook
