If your organization uses the Enhanced Data Security or Formstack for Healthcare Add-on in Formstack Forms, you know it’s built to lock things down. But what if not all your forms need that level of control?
Let’s say:
- Your new employee forms need strict rules for sensitive information.
- Your contact us form wants to send submissions to non-Formstack users via email.
- Your patient intake forms require tight restrictions
- Your event registration form needs to send to Google Sheets.
Until now, there wasn't a way to have it all on one account. The Enhanced Data Security Add-on enforced an “all-or-nothing” lockdown across all forms—great for compliance, but not so great for flexibility.
We heard you.
Why We Built It
Healthcare and other highly regulated industries have been asking for more nuanced control over how and where data is shared, especially when Enhanced Data Security is enabled.
Previously, Org Admins had no way to allow some forms to behave more openly while keeping tighter restrictions on others. That made Forms harder to use for many teams juggling varying data sensitivity levels. Why can't I use the same application for all my organization’s use cases?
With this new update, Org Admins can now choose to unlock form-by-form security settings. That means you can turn specific features on or off depending on the needs of each workflow, without compromising your overall security posture.
What You Can Now Customize
Once Granular Controls are enabled, Form Editors will see a new Enhanced Security section in each form's settings.
Here’s what you can toggle:
- Public Submission Sharing: Hide or show the public link-sharing feature in Submissions.
- Email Delivery Rules: Allow emails to non-Formstack users, even if SMTP is on.
- Email Content Controls: Choose whether to include form fields or attachments in notification emails.
- Integration Access: Opt-in to all available integrations instead of just the approved default set.
These settings let you tailor your security levels per form—great for teams that manage a mix of sensitive and non-sensitive workflows.
A Note on Defaults
By design, the Enhanced Data Security Add-on still defaults to “maximum lockdown.” That means:
- New forms start with all restrictions on
- If you copy a form, it inherits the original’s security settings
- Org Admins must enable Granular Controls first before Form Editors can see or use these new settings
This ensures that accounts stay compliant by default, with added flexibility only when explicitly granted.
Summary
Security shouldn’t come at the cost of usability. With Granular Security Controls, you get the best of both worlds: data protection where it matters most, and flexibility where your team needs it.
This update is now live and available to all accounts using the Enhanced Data Security Add-on and Formstack for Healthcare Add-on. If you’re interested in speaking with us about adding this product to your account, please contact us here.
Need help getting started with this new feature? Visit the Security Settings section in your Admin Panel or check out the support docs.
