Data Encryption & Security

AES-256 encryption at rest, TLS in transit, Microsoft Azure infrastructure - your data protected at every point in the pipeline

Overview

Instafill.ai is a product of BOTMAKERS LLC and is hosted entirely on Microsoft Azure - files stored in a secure Microsoft Azure data center at 5150 Rogers Rd, San Antonio, TX, USA. All data in transit and at rest is encrypted using industry-standard protocols.

Encryption works at two layers. Text content - source documents, profile data, form fill inputs - is encrypted at the application layer using workspace-scoped AES encryption. Binary files - uploaded PDFs, filled output PDFs, batch imports - are stored in Azure Blob Storage with storage-layer AES-256 encryption, with key material managed in Azure Key Vault and never embedded in application code.

Every workspace is fully isolated. Data uploaded or processed in one workspace cannot be accessed from another, regardless of how a request is made. You own your data. Instafill.ai does not use form contents, uploaded documents, or processed outputs for AI training or to improve algorithms.

Full details are at instafill.ai/security.

Encryption at Rest

Text content - source document text, profile fields, and form fill inputs - is encrypted using workspace-scoped AES encryption before it is written to the database. The encryption key for one workspace cannot decrypt content from another workspace. This scoping is enforced at the application layer on every operation.

Binary files - uploaded PDFs, filled output PDFs, and batch import files - are stored in Azure Blob Storage. Azure applies AES-256 storage-layer encryption to all blob data. Encryption key material lives in Azure Key Vault and is not stored in application code or configuration files.

Passwords are hashed using an adaptive one-way algorithm with a per-password salt. Instafill.ai cannot retrieve or read stored passwords. Account recovery uses a verified email reset flow.

Encryption in Transit

All data transmitted between users and Instafill.ai's systems is encrypted using Transport Layer Security (TLS) 1.2 or higher. This applies to:

• The web application and dashboard
• All REST API calls
• Webhook deliveries
• Email integration

This ensures that authentication details, form data, uploaded documents, and processed outputs are protected from interception or tampering during transmission.

Data Ownership and Control

You own your data. The following commitments apply to all Instafill.ai accounts:

• No internal access - No one at BOTMAKERS LLC has access to view, edit, or manually inspect your data. All processing is handled automatically and securely
• No AI training on your data - Instafill.ai does not use your form contents, uploaded documents, or processed outputs for training AI models or improving algorithms
• Data stays in the US - By default, all data is stored and processed within the United States on Microsoft Azure. For enterprise customers, secure environments in other supported Azure regions are available on request
• Export and deletion on request - You can request a full export or permanent deletion of your data at any time by contacting the support team

Data Retention

Temporary data generated during document processing is automatically deleted within 2 business days. You may request deletion of your data at any time.

For workflows where you need zero retention, the "Remove files immediately after processing" option permanently deletes all source files and the filled PDF from Instafill.ai's servers as soon as the session completes - before any retention period applies. See Form Filling Sessions and the full feature details for how to enable it.

Monitoring and Audit

• System monitoring - Infrastructure and application health is monitored 24/7 using automated tools that track uptime, performance, and unexpected behavior. Alerts are triggered for critical events or failures
• Access logging - All access to systems, APIs, and user data processing is logged with timestamped details including origin, action type, and access level. Logs are retained for audit and compliance purposes
• Internal access controls - Admin actions are logged and limited to authorized personnel under strict access policies. No internal access to customer data is permitted
• Audit support - Enterprise clients can receive summaries of relevant audit logs or compliance-related activity reports on request, subject to data protection rules

Incident Response

If a security incident is detected, the team investigates immediately to determine scope and impact, isolates affected components, mitigates vulnerabilities, and restores normal operations as quickly as possible. If an incident affects customer data or service availability, impacted users are notified promptly with transparent updates and recommended actions.

To report a suspected security issue, contact [email protected]. All disclosures are investigated promptly.

Use Cases

Healthcare providers processing patient intake forms and credentialing documents rely on AES-256 at rest and TLS in transit to meet HIPAA technical safeguard requirements. The workspace isolation guarantee - that one patient's or client's data cannot be accessed from another workspace - is a documented architectural control rather than a policy statement.

Immigration practices filing USCIS applications handle client passport scans, I-94 records, and financial documents. The Hong LLC case study reflects a workflow where client data isolation and zero AI training on client documents are prerequisites for adoption.

Legal practices handling court filings and estate planning documents - such as Mariscal Special Needs Law - process documents containing sensitive financial and medical information. AES-256 storage encryption and TLS in transit are baseline requirements for any software handling this data.

Benefits

• AES-256 at rest - Industry-standard encryption applied to all stored files via Azure Blob Storage and Azure Key Vault
• TLS in transit - All connections encrypted using TLS 1.2 or higher, including API calls, webhooks, and email integration
• Microsoft Azure infrastructure - Hosted in a secure Microsoft Azure data center in San Antonio, TX
• Workspace isolation - Content from one workspace cannot be accessed in another - enforced at the application layer, not just by access policy
• No AI training on your data - Your documents and form outputs are never used to train or improve AI models
• Zero-retention option - Remove files immediately after processing for workflows that require no data to be stored after completion
• Deletion on request - Full data export or permanent deletion available at any time

Security Contact

For security disclosures or questions about Instafill.ai's security practices, contact [email protected].

Full security documentation is at instafill.ai/security.

Common Questions