Security

Effective Date: June 8, 2025

At CMA Forms (forms.thecma.xyz), protecting your data and maintaining a secure environment is a top priority. This page outlines our security practices and how you can help keep your information safe.

1. Data Protection Measures

• All authentication and user data is managed using Firebase Authentication and Firestore, hosted securely on Google Cloud Platform with robust encryption in transit and at rest.
• Passwords are never stored in plaintext; Firebase Authentication uses secure hashing and salting.
• Access to user data is strictly controlled and limited to authorized systems and server-side functions only.
• Form responses and metadata are stored securely in Firestore. No financial or sensitive payment data is collected or stored.
• All exports (CSV, XLSX, PDF) are generated locally in your browser using Tabulator, SheetJS, and jsPDF—no data is sent to third-party analytics or export services.

2. Secure Development & Infrastructure

• All code is reviewed and tested for security vulnerabilities, including XSS, CSRF, and injection attacks.
• Third-party libraries (Tabulator, FormBuilderJS, SheetJS, jsPDF, Resend mail, etc.) are kept up to date and reviewed for security.
• Server-side logic is handled by Firebase Functions, which are secured with proper authentication and authorization checks.
• Automated email delivery is handled securely via Resend mail and Firebase Functions.
• All API endpoints and serverless functions are protected by Firebase Authentication and security rules.

3. User Responsibilities

• Keep your account credentials confidential and use strong, unique passwords.
• Review permissions carefully when connecting third-party services (such as Google Sign-In).
• Report any suspicious activity or security concerns promptly to our team.

4. Security Features in CMA Forms

• All form data is isolated per user; no cross-user access is permitted.
• Automatic session expiration and re-authentication for sensitive actions.
• Audit logging for key actions (form creation, deletion, export, etc.) via Firestore and Functions.
• Spam and abuse prevention using metadata and server-side validation.

5. Reporting Security Issues

If you discover a security vulnerability or have concerns, please contact us immediately:

• Email: chrismaje63@gmail.com
• Contact Form: Contact Us Form

6. Updates to Security Policies

We may update this page as security practices evolve. Check back periodically to stay informed about our latest measures.