Yea, this is a tough one. Security is a super tricky component of any application, especially when you are storing data that belongs to other people.
In the case of Form King, all transport is over TLS, with the RDS instances being encrypted at rest. When a form is submitted, the data is encrypted and uses the AES-256-CBC cipher prior to storage. I just didn't want to store other people's data in plain text. Form could include names, and emails, and addresses. It's also signed with a MAC to ensure the data isn't modified.
This is probably some information I should include on the website as well (It's a personal project that I just work on in the evenings and weekends, so I had to prioritize stuff and the marketing website was one of the lowest :) )
Now, keeping in mind that I'm no security expert beyond what's standard for production applications, this is the area of any service that worries me the most and it'll remain a top priority to continue enhancing the security of the app.
Of the hundreds of forms out there across the static properties that are mine, and that I work on, it'll take time to convert them all.
As for user counts, one of the benefits of it being a personal project is that I don't have to share or defend that. It's a service that's there, if you want it feel free to use it. If not, that's completely okay too
I'll add that form to my list for conversion though, so at least thanks for that :)
In the case of Form King, all transport is over TLS, with the RDS instances being encrypted at rest. When a form is submitted, the data is encrypted and uses the AES-256-CBC cipher prior to storage. I just didn't want to store other people's data in plain text. Form could include names, and emails, and addresses. It's also signed with a MAC to ensure the data isn't modified.
This is probably some information I should include on the website as well (It's a personal project that I just work on in the evenings and weekends, so I had to prioritize stuff and the marketing website was one of the lowest :) )
Now, keeping in mind that I'm no security expert beyond what's standard for production applications, this is the area of any service that worries me the most and it'll remain a top priority to continue enhancing the security of the app.