by yupitszac
2209 days ago
Yeah, this is a tough one. Security is a super tricky component of any application, especially when you are storing data that belongs to other people. In the case of Form King, all transport is over TLS, with the RDS instances being encrypted at rest. When a form is submitted, the data is encrypted using the AES-256-CBC cipher prior to storage. I just didn't want to store other people's data in plain text. Forms could include names, emails, and addresses. It's also signed with a MAC to ensure the data isn't modified. This is probably some information I should include on the website as well (it's a personal project that I just work on in the evenings and weekends, so I had to prioritize stuff and the marketing website was one of the lowest :) ). Now, keeping in mind that I'm no security expert beyond what's standard for production applications, this is the area of any service that worries me the most and it'll remain a top priority to continue enhancing the security of the app.
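The AES-256-CBC plus MAC storage scheme described in the comment above, sketched as an added example; this is not Form King's code or the poster's. It assumes HMAC-SHA256 as the MAC, separate encryption and MAC keys, and a record layout of IV, ciphertext, then tag, none of which the comment specifies; `seal`, `unseal` and `rejectsTampering` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Assumption: HMAC-SHA256 is the MAC (the comment does not name one).
// Assumption: two independent 32-byte keys, one to encrypt, one to authenticate.
const IV_LEN = 16, TAG_LEN = 32;

function seal(plaintext, encKey, macKey) {
  const iv = crypto.randomBytes(IV_LEN); // fresh random IV for every record
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Encrypt-then-MAC: the tag covers the IV as well as the ciphertext.
  const tag = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, ct, tag]).toString('base64');
}

function unseal(record, encKey, macKey) {
  const raw = Buffer.from(record, 'base64');
  // Smallest valid record: IV + one padded AES block + tag.
  if (raw.length < IV_LEN + 16 + TAG_LEN) throw new Error('record too short');
  const iv = raw.subarray(0, IV_LEN);
  const ct = raw.subarray(IV_LEN, raw.length - TAG_LEN);
  const tag = raw.subarray(raw.length - TAG_LEN);
  const expected = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  // Check the tag in constant time BEFORE decrypting, so a modified record
  // never reaches the CBC padding check.
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('MAC check failed');
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Flips one ciphertext bit in a stored record and reports whether it is refused.
function rejectsTampering(record, encKey, macKey) {
  const raw = Buffer.from(record, 'base64');
  raw[IV_LEN + 4] ^= 0x01;
  try {
    unseal(raw.toString('base64'), encKey, macKey);
    return false;
  } catch (err) {
    return err.message === 'MAC check failed';
  }
}

// Constructed sample submission and throwaway keys, for demonstration only.
const ENC_KEY = crypto.randomBytes(32);
const MAC_KEY = crypto.randomBytes(32);
const SAMPLE = JSON.stringify({ name: 'Ada Example', email: 'ada@example.test' });
```
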