Security
Let's explore how your data is secure with Gravity Forms Power Automate Professional.
How Data Flows
Direct Connection to Power Automate
This plugin provides a direct connection to Power Automate under all circumstances. This means that your data is never stored, processed, or visible to Reenhanced. Power Automate runs in Azure in data centers around the world. You can learn more about Microsoft's security practices on their website.
This is Gravity Forms Power Automate Professional. We also offer a standard connector that uses our servers to connect to Power Automate. This plugin has been re-written for security and performance reasons. If you are using the standard connector, be aware that our server is involved in the data flow as it was introduced early in the Power Automate lifecycle. We will continue to provide support for the Standard version.
Secure By Design
Your Gravity Forms data is connected to Power Automate using Gravity Forms Power Automate Professional through flows. The flows are externally defined within Power Automate and provide only the data that you specify. The data is sent to Power Automate over SSL connections.
In the case of a full compromise of your website, an attacker would not gain any additional access to your data. Our plugin does not have credentials to your internal systems. This is by design. The only data stored in your WordPress website is the data that you specify in your flows.
It is possible to trigger flows with Gravity Forms Power Automate Professional that send data to your internal systems. You should be aware of this when designing your flows. You should also be aware that if you write data back to your WordPress website, in the case of a WordPress system compromise, the data you write to your system could become compromised. Consult with your IT security team for any advanced flows if you have concerns.
WordPress sites have been known to be compromised in the past. We recommend that you follow best practices for securing your WordPress website. This includes keeping your WordPress installation, themes, and plugins up to date, using strong passwords, and using a security plugin like WordFence or Sucuri.
Certain workflows, like submitting a form and receiving a response from your internal systems are not possible because of our plugins system architecture. If you need to integrate in this way, you should use a different solution.
If you are using Dataverse, we highly recommend Dataverse Integration by AlexaCRM. It is a premium plugin that allows you to integrate Gravity Forms with Dataverse.
Direct Connection to Power Automate
When integrating Gravity Forms with Power Automate, Gravity Forms Power Automate Professional connects directly to Power Automate. This means that your data is never stored, processed, or visible to Reenhanced.
Power Automate runs in Azure in data centers around the world. You can learn more about Microsoft's security practices on their website.
WordPress is a self-hosted solution available from many hosting providers. You should review the security practices of your hosting provider to understand how they handle your data.
You have complete control over your data at all times. Well, as much control as Microsoft will allow you to have.
GDPR Concerns
If you have concerns about GDPR, you should be aware that Power Automate is a cloud-based service from Microsoft. You should review Microsoft's GDPR documentation to understand how they handle GDPR compliance.
WordPress is a self-hosted solution, so you should review GDPR requirements for your specific hosting provider.
Gravity Forms has information on GDPR compliance on their website.
If you are using GravityView, you can review the GDPR and GravityView documentation.
If you are using Gravity PDF, you can review the GDPR and Gravity PDF documentation.
Our plugin sends data externally to Power Automate over SSL connections. We do not store any data on our servers. We do not have access to your data. We do not have access to your Power Automate account.
Data Retention
Gravity Forms Power Automate Professional does not store any data. We do not have access to your data. We do not have access to your Power Automate account. We do not have access to your WordPress website.
Data Access
If a user has access to the following pieces of information, they could potentially access your data:
- Your WordPress website URL
- Your Gravity Forms Power Automate Professional License Key
- Your unique secret key
The License key is obviously known to us, but the secret key is known only to your WordPress website and Power Automate. It is 48 characters long and generated through the wp_rand function in WordPress. It is stored in your WordPress database as a transient and is not accessible to us.
If an attacker were to gain access to your unencrypted WordPress database, the database would contain the secret key. This could be used to access your WordPress data through the API. (Although, they would already have access to the WordPress database?)
Data Transmission
Our system uses a REST API to communicate with Power Automate. The data is sent to Power Automate over SSL connections.
It is secured through your License Key and a unique secret key that is generated for each installation.
Data Encryption
You should probably configure your WordPress website to encrypt data at rest. This is a good practice for any website. You should also configure your WordPress website to use SSL connections.
Both of these are outside of the scope of what's provided by Gravity Forms Power Automate Professional. Our plugin requires SSL for usage and Power Automate uses SSL for all connections.
Data Deletion
If you have finished using Gravity Forms Power Automate Professional, you can delete the plugin from your WordPress website. This will remove all data associated with the plugin from your website.
If you want to remove your customer data from our systems, you can contact us at reenhanced.com/support. There are probably tax reasons we need to keep some of your data, but we'll do our best to accommodate your request. We can remove your old license key and domain name data when your subscription is over.
The Data We Store
When you purchase and/or activate Gravity Forms Power Automate Professional, we store the following information:
- Your email address
- Your billing address
- Your license key
- The URL of your WordPress website(s) (for licensing purposes)