Formotus does not store customer data. Customers are responsible for their data storage.​


The Formotus service is hosted on Microsoft Azure, for that reason Formotus can claim to have unparalleled security for a SaaS offering. Microsoft has decades-long experience building enterprise software and running some of the largest online services in the world. They use this experience to implement and continuously improve security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data.  You can read more about Microsoft security and compliance here. The other elements of an organization’s mobile forms deployment are out of the control of Formotus—the organization is responsible for securing the devices of their mobile users. The connection from the mobile device to where an organization stores its data store is also managed by the organization.  And finally, where the data is stored and how the data store is secured—is also the responsibility of the organization.  Formotus does not store customer data by design.  Our focus is on maintaining the security of the Formotus service. The Formotus service is also fully compliant with the GDPR standards, read more about that here.
Formotus GDPR Compliant Architecture
Formotus Forms Workflow Diagram
Secure Formotus service


In designing a mobile forms strategy there is often a trade-off between security and convenience. The more securely you lock down your sensitive data, the less convenient it can be for your mobile users to work with that data. Although our customers are the ones who decide how to balance their security and convenience, the Formotus Team’s goal is to give our customers the tools and options they need to achieve whatever level of security they require.
Customers choose data storage location


We built the Formotus service to enable our customer to access their data no matter where it is stored.  The mobile forms that customers create with the Formotus service, and deploy to their mobile users to collect data, are submitted by the mobile users to the data store location specified by the customer when they create their Formotus mobile form. When you create your mobile forms, you define the custom user interface, business logic and data connection elements and deploy those as mobile forms to your mobile users’ devices. You can also monitor the use of those forms with metadata about when those forms have been installed, opened and submitted by whom. You can store your data just about anywhere you like.  Many customers submit their data through email, using the PDF, HTML and XML data submission capabilities of the Formotus service.  Formotus offers a growing number of data connectors, including SharePoint, Salesforce, Google Sheets and Google Drive.

Comparison of Security and Integration Features of Leading Mobile Form SaaS Providers

iFormBuilder doForms Flowfinity Formotus GoSpotCheck goCanvas ProntoForms
Where Your Data Is Stored
Customers store data (completely private) no no no yes no no no
Vendors stores or sends your data through their cloud yes yes yes no yes yes yes
Store data directly to customers data stores no no no yes no no no
Support federated authentication yes no no yes yes no no
HIPAA compliant yes yes no yes no yes on demand
GDPR compliant yes no no yes yes yes upon request
Live Data Connectors (native)
Query from Salesforce no no no yes no no limited
Query from SharePoint libraries and lists no no no yes no no limited
Query from Google Sheets no no no yes no no yes
Query from SOAP web services no no no yes no no limited
Query from REST web services no no no yes no no limited
Submit to Salesforce no no no yes no via Zapier limited
Submit to SharePoint libraries and lists no no no yes no no limited
Submit to Google Sheets no no no yes no via Zapier yes
Submit to SOAP web services no no no yes no via Zapier no
Submit to REST web services no no no yes no via Zapier no
Infopath Integration and Migration
Works with Microsoft InfoPath no no no yes no no no
Has built in Infopath migration tools no no no yes no no no


  • Mobile user authentication: to use the Formotus mobile forms you deploy to your users, the mobile users will need to login on their mobile device to authenticate as members of your Formotus organization.
  • Formotus portal authentication: Formotus administrators log in to the Formotus portal, which is hosted on Microsoft Azure. Azure provides you the option to require strong passwords for this login.  [Note:  the credentials used by the Formotus administrator to log into the Formotus portal are unique to your Formotus account and are separate from any credentials used to access your company data on a SharePoint site for example.]
  • Control over form design: the Formotus creator enables you to control the level of security built into your forms. For example, based on the credentials used to log into your Formotus mobile form, the user will see certain data pre-populates the form.  When the form is submitted, their manager can open the form and see additional data fields, such as the amount of time a form was open, where the mobile user was located when they submitted the form, etc.
  • Control mobile form deployments, and remotely disable users: Formotus portal administrators have complete real-time control over exactly who has access to which forms. Admins can un-deploy forms from a mobile user and it will disappear from their device. Admins can remove a user from organization they will be unable to log into the Formotus app. Disablement occurs immediately if the user is online, or when they next connect.
HIPAA compliant


HIPAA is “technology neutral”.  HIPAA does not specify or endorse any particular technology.  However, the Security Rule included in the HIPAA guidelines lists 5 technical safeguard standards. Formotus has developed its hosted service to provide physical, administrative and technical safeguards that facilitate full compliance with the HIPAA standards for:  access control; audit controls; integrity, person or entity authentication and transmission security.