A friend at Beaufort12 once told me that small businesses (which very much includes small nonprofits, my speciality) typically require three things to make up their database:
- mailing lists; yes we are in the world of TikTok, but this traditional method is still used to keep in touch with much of the client base
- forms; you always need to get information in from external and internal sources – whether feedback, support, data collection or even event registration
- payment collection; sounds simple but gets surprisingly complex if you move into the world of memberships or different tax jurisdictions
I have to agree. Solve these, throw in Google Workspace, and most of the technology-based tooling for a small business is solved.
Today, we’re going to tackle forms, in the form of an open letter to a UK-based, cash-poor nonprofit, handling sensitive personal information.
It’s worth noting that this letter is created with the benefit of hindsight. Having looked at various products, I realise that some products have features that I didn’t originally consider, but latterly needed to be added to the requirements list.
As a bonus, at the end, I’ve included a couple of technical architect-style considerations, just in case you’re interested.
Today I write to you with frustrating news. I wanted to let you know how the research is going into which forms product to use on your website, to integrate the data collected into Salesforce.
First, I feel it would be good to restate the requirements to ensure we are on the same (virtual) page. In no particular order they are:
- Cost: Budget is tight, so if the vendor says “please call us to find out costs”, they are highly unlikely to be within our range, after all someone needs to pay for all those sales people.
- Data centre location: Because of the ever evolving regulatory atmosphere, it is best that the data is stored and processed in the UK or – at second best – the EU. Due to ongoing legal cases, it has become apparent that storing and processing data in the US isn’t a suitable option, something many US-based commercial form suppliers don’t understand, or aren’t concerned with due to where they focus their sales activities. Again, for US-based Salesforce customers this isn’t an important consideration.
- GDPR: In the US businesses appear to have more rights than the individual… and most of our software comes from US-based companies. Any business processing UK or EU data (they don’t have to be based here) has a legal obligation explaining how they process personal data and what they store. In practice this means we should look for a statement saying whether they are compliant with the GDPR. If they duck this issue, we can’t afford the lawyers to check their compliance, so it’s time to move on. For US customers doing US-based business this isn’t a consideration which is why some options may be popular but unsuitable for use here.
- Integration: The product needs to be able to insert or update any object (custom or standard) on Salesforce. This also needs to include error handling to help with troubleshooting as internet outages occur, validation rules have unexpected consequences and people put in data in ways which aren’t always anticipated.
- Security: Requesting username and complex password isn’t strong enough due to the risk of a device (e.g. laptop) being stolen or – more likely – hacked. Just as with Salesforce, MFA is now a requirement as otherwise potentially you are giving an unwelcome third party access to all the information the customer submits on the form.
- Support: If something isn’t working, or we can’t figure out how to achieve a goal, what’s the quality of support available to help? This is a hidden cost due to the staff or consultant’s time it can take to troubleshoot problems.
- WordPress compatibility: Within your website you use WordPress, so the forms product needs to be able to sit comfortably within this. Given WordPress is ubiquitous this is not a problem and barely any sort of restriction.
- Usability for Admins: We both know Salesforce consultancy-related costs aren’t cheap; you would like to be able to maintain as much of this solution as possible yourself.
With those seven criteria in mind, I’m going to walk you through the leading contenders. I’ve summarised my findings in a chart at the end.
But first some lingo: I mention “live prefill”, this is where we can pull out data from Salesforce and display it on the form that the person is submitting. You can use this to show events attended, mailing lists signed up to, organisations that are available in the local neighbourhood, or any other data that is already stored on Salesforce.
Cost: $89 per month, billed annually, less 20% for nonprofits, without live prefill
Cost: $224 per month, billed annually, less 20% for nonprofits, with live prefill
FormAssembly is the go-to option for many non-profits. What has happened here has happened with just about every other form product. Back in the day they were good and very cheap. Once they built up their client base they raised their prices significantly but the price increases have now plateaued. To be fair, this is a path that most app vendors end up treading.
My observations are that as needs change, there is a huge jump between costs when you want to add live prefill, so it’s useful to know if this will ever be a requirement.
Also the interface is a bit dated and clunky for building forms, and for managing the logic for when form sections should and shouldn’t display, but it is definitely manageable.
Geeky, but worth noting: With more modern competitors you can hide or grey out the “Submit” button if information is outstanding. This isn’t available with FormAssembly so instead use validation rules to manage this.
Cost: $84 per month, billed annually, with no discount for nonprofits
Live pre-fill is not available
You cannot select where data is stored, so this is not an option as the company is US based.
This didn’t appear in the original review but has been added due to feedback after the original article was posted. It doesn’t make the final cut as it is “price on application”. My suspicion is that that the price has crept up over the years. Also, there is no ability to choose data centre.
Confusingly, there is a Forms for Salesforce product from the same team. The suspicion is that they bought it at some stage. It’s relatively expensive – although prices are shown – and behaves entirely differently than the core FormStack product.
Actually this is a combination of:
- Gravity Forms @ $59 per year
- CRM Perks @ $89 per year (this deals with integration with Salesforce)\
- Advanced Conditional Logic Pro for Gravity Forms @ $9 per year (this deals with your specific case of wanting a combination of information boxes filled in before details are submitted)
Live Prefill is not available.
The advantage of the Gravity Forms approach is two-fold. All the data is stored on WordPress and it’s vastly cheaper than the other options researched.
There are a few issues:
- It is actually three products, all of which offer some support but only on their specific section – so if something doesn’t happen as intended, they don’t have overall control and may indicate that another supplier is at fault.
- Reassurance. For most of these products there’s no hints as to standard compliance on their website or code review process.
- The conditional logic piece is from a small supplier which always raises questions on sustainability. The workaround is to see if you can rephrase the questions to avoid a need for such conditionality.
Cost: $34 per month, billed annually, less 50% for nonprofits, possibly including live prefill
Thanks for the recommendation to check this product out. Not perfect but from a user experience, both as someone setting it up, and as a customer, I loved it. It also slots into WordPress websites perfectly.
However, painful as it is to turn this option down, there were a few show stoppers:
Data is stored in European and US data centres, but there is no way of choosing; this means we have to assume customer data is stored in the US.Read the update at the end of this article 🙂
- MFA-protected login is not available. For us, that feels like leaving the front door unlocked in this day and age. Also there is only one login per company unless you opt for enterprise. It seems designed for password sharing which – combined with lack of MFA – is asking for trouble due to a lack of audit trails when things go wrong.
There is no error handling. That means if the integration fails for any reason there is no way of knowing what caused it, or how to troubleshoot. Some examples that come to mind are: a validation rule having unexpected consequences; field name being updated in Salesforce and no longer aligning with Jotform; or a data outage anywhere on route between JotForm and Salesforce including the thrice-yearly small overnight read-only upgrade window for Salesforce.Again read to the end! 🙂
Specifically regarding the error handling, we can set up emails to confirm that forms have been submitted, but to check this data transmission by hand removes much of the benefit of web-based (i.e. self-serve) form submissions.
We contacted Jotform and they said that our feedback had been passed to their developer team, but they were unable to give any guidance as to whether my feedback would be prioritised and incorporated, despite pressing. As there is no publicly available roadmap, we have to presume that these aren’t priorities and therefore we cannot presume that they will be added.
Cost: $150 per month, billed annually, less 10% for nonprofits, including live prefill.
Price wise this fits somewhere between FormAssembly’s two price points (with and without prefill).
Experience has shown that this is not a particularly “Admin” user-friendly product. It has all the features and is powerful, however to edit the forms is not intuitive, so requires a learning curve which makes it frustrating to use, and takes up staff/consultant time.
It has a weird take on mobile responsive layouts – in that you need to specifically design for desktop, tablet and mobile separately so it does not resize if there is an unexpected form-factor. Also it does not automatically resize if a recaptcha is shown, leading to additional display issues.
Some other products workaround this by allowing you to paste the entire HTML of the form – not an approach I like, but it would resolve the issues – but this is not available with Titan.
Cost: $19.99 per month, billed annually; live prefill not applicable.
Often heralded as the saviour to everything I list it here to merely rule it out and show it has been considered.
Zapier only works if you consider every scenario. With limited prompting and little error handling it exists to connect different systems and doesn’t provide anything by itself. It appears to be a cheap product, but the cost saved is more than outweighed by the development time of having to build everything, including the logic of when to update or not to update a record, how to handle each and every error and everything in between. Better to choose a product that includes this as standard.
No product is perfect, and I absolutely love much of what Jotform has done, but only FormAssembly, and the Gravity Forms combo, currently meet your requirements. Jotform may be one to watch for the future.
Any errors in the grid below are my own. Prices and features checked in October 2022. Feedback from those I’ve mentioned and readers very welcome. Comments are also open below.
|Cost per month||$89||$84||$13.09||$34||$150||$19.99|
|Data centre location||No*||No||Yes||Yes||Yes||No|
|Error handling||Yes||Yes||Yes||In Development||Yes||Yes|
|Security (MFA)||Yes||Yes||Yes, via|
|Usability for Admins||OK||OK||Clunky||Good||Poor||OK|
*only on Enterprise plans, for which it is price on application (i.e. too expensive for most).
**Gravity Forms explains how it meets customer’s needs over GDPR, but doesn’t explain explicitly whether it meets GDPR requirements. As customer data is all being processed on your WordPress website, my non-binding, non-legal, take is the only item at risk of non-compliance is the credit card used to purchase the software and perhaps buyer’s details, rather than data from any of the customers.
NOVEMBER 2022 UPDATE: The article originally said that Jotform didn’t support the choosing of an EU data centre. This information was based on an poorly worded Jotform support ticket which was thrown up as the first result on Google. Jotform contacted me to highlight that there is a single easy-to-access checkbox, that is available on all plans, and will move the data to their EU servers (and off their US servers). Also, Salesforce-specific error logging is under development although I don’t have a timescale; it is already available for some of their other integrations. Definitely one to watch!
Appendix: Extra Technical Considerations… Gold Dust!
Often rather than splitting a form across multiple existing records, it’s useful to put all the data into a new object, and let Salesforce do the work of updating/inserting existing records. That way you’ve got all the original data into Salesforce, but if there is any problem with it, then processing stops and you can analyse it wholly within the Salesforce platform.
Automation / Logic Handling
Handle as much logic and automation within Salesforce as you can. Your skills are Salesforce-based, therefore it’s quickest and easiest to do this on Salesforce, as that’s what you’re familiar with, and it makes consequences far easier to spot and understand when you are changing some logic.
If you have live pre-filling, you can use a checkbox on Salesforce to indicate that a form has been filled in, and then show an information box (instead of the form) to say “This form/survey has already been filled in” in the appropriate scenario.
Some products advertise that you can update a record by including the record ID in the URL as a pre-fill. This isn’t live, so if Salesforce is updated in the meantime, potentially older information from the pre-fill can overwrite Salesforce’s data.
Unfortunately this means that the URL can be hacked to update other records, simply by someone changing part of the URL which refers to the record ID. In this case it’s useful to include some checks such as a randomish long string that must also be matched, if the record is to be successfully updated, and other records are to be somewhat protected.
Want more? Subscribe to the my blog over on the right hand side. I also try and highlight interesting Salesforce tidbits via @NaturallyPaul on Twitter (although other passions creep in too).