Best practices for securely routing sensitive PDF intake data into a CRM for a Family Law practice?

What is your goal?

Hi everyone,

I am working on automating the client intake workflow for our divorce and family law practice. Right now, new clients fill out a confidential intake form (often containing sensitive financial and personal history).

What is the problem?

Because this is family law, data privacy (HIPAA/client confidentiality) is incredibly important. Has anyone built a similar workflow? Are there specific form tools (like Jotform Enterprise or Typeform) that you’ve found integrate best with Make while maintaining strict legal data security?

Hello @John_R_Stallings,

On Make’s side, you would want to turn off logging in the scenario settings. This will make sure data only passes through and is not stored. Still, if you need a strictly HIPAA-conformant solution, then Make is not compliant. (But HIPAA is for the health sector, not law? For a family law practice the relevant standard is usually client confidentiality and, for EU clients, GDPR, rather than HIPAA. Worth confirming with someone legal though.)

Then for any form tool, honestly, the form choice matters less than how you handle the data downstream. That said, Jotform (Enterprise) is the stronger pick here over Typeform: it offers encryption at rest, signed agreements (BAA/DPA), audit logs and regional hosting, and it integrates with Make just as well. Even if you are not technically under HIPAA, those features are a good proxy for the protection level you want. Or consider building your own forms, hosted by yourself.

A couple of things that matter more than the tool itself:

  • Turn off or minimize logging as mentioned, and keep data retention as short as possible.
  • Get a DPA in place with Make, and set up your Make org in the EU zone if data residency matters (you pick this at creation only).
  • Where you can, let Make pass only a reference (a record ID) instead of the full intake, so the sensitive content lives in your secured storage and Make just orchestrates.

So in short: Jotform Enterprise + logging off + a reference-based flow rather than pushing the full sensitive payload through Make.

Cheers,
Henk
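
The reference-based flow from the reply above, sketched as an added example that is not part of the original post or of Make's own tooling. `IntakeVault`, `ROUTING_FIELDS`, the field names and the HMAC signature on the reference are all assumptions made for illustration; the vault stands in for whatever secured storage the practice controls.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: the only fields routing needs; everything else stays in the vault.
ROUTING_FIELDS = {"matter_type", "preferred_office"}

# Constructed sample submission (not real client data).
SAMPLE = {
    "client_name": "Jane Example",
    "annual_income": "USD 182,000",
    "history": "Prior protective order, 2021",
    "matter_type": "divorce",
    "preferred_office": "downtown",
}

class IntakeVault:
    """Hypothetical stand-in for your own secured storage."""
    def __init__(self):
        self._records = {}

    def put(self, submission):
        record_id = secrets.token_urlsafe(16)  # opaque, not derived from client data
        self._records[record_id] = dict(submission)
        return record_id

    def get(self, record_id):
        return self._records[record_id]

def build_reference(vault, submission, key):
    """Store the full intake; return the only message the orchestrator sees."""
    body = {"record_id": vault.put(submission)}
    body.update({k: v for k, v in submission.items() if k in ROUTING_FIELDS})
    raw = json.dumps(body, sort_keys=True).encode()
    return raw, hmac.new(key, raw, hashlib.sha256).hexdigest()

def resolve_reference(vault, raw, sig, key):
    """Receiving side: verify the message was not altered, then fetch the intake."""
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("reference signature mismatch")
    return vault.get(json.loads(raw)["record_id"])

def leaked_fields(raw, submission):
    """Names of non-routing fields whose values appear in the outbound message."""
    text = raw.decode()
    return [k for k, v in submission.items()
            if k not in ROUTING_FIELDS and str(v) in text]
```

Running `leaked_fields` over every outbound message in a test suite catches the case where someone later adds a sensitive field to the routing allow-list by accident.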