Can you answer my data protection questions

  • Profile Image
    chrismoixa
    Asked on November 08, 2017 at 06:12 AM

    Hi guys,


    We are in the process of answering a large RFP for a potential new contract. I am looking for data protection information and policies from our suppliers, so I would appreciate if you could address the following points which I believe are pretty standard:

     

    Where physically is your server hosted? Where physically is the geo-location of form data “at rest” i.e. stored (assume same as hosting location)? Are you accredited with ISO 27018? What levels of encryption do you use? How, if you perform this function, do you secure transfers between yourselves and any sub-processors? Can you please setout your emergency response procedures for remedy in case of data breach.
  • Profile Image
    Chriistian
    Answered on November 08, 2017 at 09:12 AM

    Where physically is your server hosted? Where physically is the geo-location of form data “at rest” i.e. stored (assume same as hosting location)?

    We have several servers worldwide. EU users data are mostly stored in our datacenter in Germany.


    Are you accredited with ISO 27018?

    I will need to confirm this with our higher-ups. I will get back to you on this thread if I hear from them.


    What levels of encryption do you use? How, if you perform this function, do you secure transfers between yourselves and any sub-processors? Can you please setout your emergency response procedures for remedy in case of data breach.

    JotForm is using a 256 bit high-grade encryption, which means that data is encrypted during the transmission and cannot be interrupted by anyone else. We have an SSL certificate that uses SHA256 with RSA encryption https://www.ssllabs.com/ssltest/analyze.html?d=secure.jotform.com.

    We are also Safe Harbor Certified. You can check this article for more information: Announcing JotForm's Safe Harbor Certification.


    As an added layer of security, you may also encrypt your forms. Once you have enabled your form encrypt data option, only the private key you generated and downloaded will be able to decipher it (we can't decrypt it on our end). For more information, you can check this guide: Encrypted Forms and How to Use Them.