Form Encryption: Request to be able to decrypt data to get CSV or XML file

  • Profile Image
    cymorg 
    Asked on March 21, 2018 at 12:38 PM

    Prepurchase questions: Securing sensitive personal data

    Can JotForm be used in such a way that we can collect highly sensitive personal info. (medical, financial, legal) from our customers safely & securely?

    I see we can opt to store our info. on EU (German) servers.  Fantastic.

    I see some kind of encryption is available but it's not clear how that works.

    The last thing we want is unencrypted info. being sent by email.  In fact we don't want email at all.  We'd rather the data was encrypted & stored within the EU then we download the results on demand.

    Is that feasible? 

    Also, do JotForm sign data processer agreements with clients?  We can't proceed with our planned online forms without such agreements.

  • Profile Image
    aubreybourke
    Answered on March 21, 2018 at 02:06 PM

    Can JotForm be used in such a way that we can collect highly sensitive personal info. (medical, financial, legal) from our customers safely & securely?

    Yes we use encryption to transport your data. And you can enable additional encryption for your stored submissions. Please view our security page for more information:

    https://www.joform.com/security

     

    I see we can opt to store our info. on EU (German) servers.  Fantastic.

    Yes we store European data in Europe.

     

    I see some kind of encryption is available but it's not clear how that works.

    Basically you enable it. Then generate your keys. You need to download your private key (and keep it safe. If you loose your private key you cannot decrypt your data).

     

    The last thing we want is unencrypted info. being sent by email.  In fact we don't want email at all.  We'd rather the data was encrypted & stored within the EU then we download the results on demand.

    Once your form is encrypted you wont be able to use reports, emails, or Download your data. The only thing you can do is view you data on the JotForm submissions page.

     

    Is that feasible? 

    Yes, please read this guide for full instructions on encryption:

    Encrypted-Forms-and-How-to-Use-Them

     

    Also, do JotForm sign data processer agreements with clients?  We can't proceed with our planned online forms without such agreements.

    We are currently on track to be GDPR compliant by the deadline (25th May 2018).

    Not sure if we provide a DPA. What plan were you interested in purchasing? I will wait for your reply to escalate the DPA request.

  • Profile Image
    aubreybourke
    Answered on March 21, 2018 at 03:33 PM

    Unfortunately its not possible to decrypt your downloaded data. We don't have any tool to do it. Downloads are only possible if encryption is turned off. We don't support XML. But you can download unencrypted submissions in Excel/PDF/CSV formats.

    If you like I can submit a feature request for a tool to decrypt downloads?

  • Profile Image
    cymorg 
    Answered on March 21, 2018 at 07:27 PM

    @aubreybourke

    A feature request for a tool like that would be great.  I understand such requests go into a pipeline for decision, development, testing & finally delivery so I wouldn't expect a swift turnaround, nevertheless please put it in as a development request and we'll see what happens.  My organisation has been, and will be, around for a long time (gov. sector) and our appetite for forms is endless so we'll surely be back to consume the product if it can fully meet our needs.

  • Profile Image
    Mike
    Answered on March 21, 2018 at 09:54 PM

    We use RSA 2048-bit keys, so in theory, you can decrypt the data locally. Unfortunately, we do not currently offer an app for this, so we have escalated a feature request ticket to our developers. There is no ETA for when this will be implemented, but we will let you know if we have any updates.

  • Profile Image
    cymorg 
    Answered on March 22, 2018 at 09:25 AM

    @Mike

    I'm aware I can decrypt the data myself and I'm quite willing to build my method to do that however Aubrey states that the download option is turned off when encryption is turned on.  

    If I can download the encrypted data for later decryption locally then we might be good.  Can you confirm that we can do that?

  • Profile Image
    BDAVID
    Answered on March 22, 2018 at 10:48 AM

    Unfortunately, it is not possible to download the encrypted data. 

  • Profile Image
    aubreybourke
    Answered on March 23, 2018 at 12:26 PM

    Sorry for the confusion. 

    Just to clarify, it is possible to download your submissions in Excel/PDF/CSV formats. However it will be encrypted. So you wont be able to access it.


  • Profile Image
    tina
    Answered on April 13, 2018 at 04:55 AM

    Great news! JotForm is GDPR compliant now. You can find more details here: https://www.jotform.com/gdpr/

    Also, we offer data processing addendums (DPAs) for our customers that operate in the EU. If you would like to sign a DPA, Feel free to send your request: https://www.jotform.com/gdpr/dpa/