Last updated: 2026-06-20
This page describes the security controls SocialPulse Forms uses to protect your data and the data of your form respondents.
All connections to SocialPulse Forms are encrypted using HTTPS (TLS 1.2 or higher). Unencrypted HTTP connections are redirected to HTTPS.
Passwords are hashed using bcrypt before storage. We never store or transmit plaintext passwords. Password reset tokens are single-use and time-limited.
Access to your workspace is controlled through role-based permissions (Owner, Admin, Member, Viewer). Every action is authorized server-side using Laravel policies. Authentication state is maintained through server-side sessions.
Files uploaded through forms are stored outside the public web root. Access to uploaded files is controlled and requires authorization. Signed, time-limited URLs are used for authorized file downloads.
Key actions including authentication events, form publishing, and submission management are logged with timestamps and IP addresses for security and accountability purposes.
Form submission endpoints are rate-limited by IP address and per-form to reduce abuse. Authentication endpoints are rate-limited to prevent brute force attacks.
Public forms include honeypot fields to detect automated submissions. Optional CAPTCHA integration is available for higher-risk forms.
Background processing uses a database-backed task queue with idempotency controls. Tasks are locked before processing to prevent duplicate execution.
Database backups are performed regularly through our hosting provider. Backup restoration procedures are tested periodically.
We keep our software dependencies up to date and monitor for known security vulnerabilities.
If you discover a security vulnerability in SocialPulse Forms, please report it to legal@socialpulse.theappsgalore.com. We appreciate responsible disclosure and will respond promptly.
Data is retained according to our Data Retention and Deletion Policy. You may delete your workspace data at any time from your account settings.
Version 2026-06-20 — Effective June 20, 2026
Terms · Privacy · E-Sign Consent · Acceptable Use · Security · Subprocessors