Compliance, Data Security and GDPR

  • Profile Image
    sbrads9792
    Asked on July 09, 2018 at 02:34 PM

    Dear Jotform,

    THere are some concerns from our compliance dept with regards to the use of Jotform.

    I have copied a snipeet of an email below for your perusal and hopefully you will answers.

    Email points raised:


    "Please see below an outline of the concerns that have been raised by IT in regards to the use of Jotforms. Please could you review and provide commentary regarding the potential issues that have been identified?

     

    Form data is stored on servers located in the United States and Germany.

    They also stipulate that data may be processed or passed to it’s subsidiaries outside of these countries, and if it is processed or passed to the US it will not be under the same data protection laws/protections.

     

    Jotform Inc. treats your form questions and responses as information that is private to you, unless you have made your form questions and responses available via a public link. Jotform Inc. knows that, in many cases, you want to keep your form questions and responses (which we collectively refer to as “form data”) private. Unless you decide to share your form questions and/or responses with the public, such as by making the form questions and responses available via a public link, Jotform Inc. does not use your form data other than as described in this privacy policy, or unless we have your consent. We do not sell or make available your form data to third parties without your permission.

    As some of the forms are being indexed by Google, I’m not confident the data being collected is not being processed or shared in any other way outside of what’s covered in the privacy policy. "

    End of Email

    Jotform...can you please respond in order for me to hold a strong case to continue Jotform use.

    Thank you

    Steve Bradshaw

  • Profile Image
    roneet
    Answered on July 09, 2018 at 03:10 PM

    They also stipulate that data may be processed or passed to it’s subsidiaries outside of these countries, and if it is processed or passed to the US it will not be under the same data protection laws/protections.

    All form data on our server are secure. We have a very powerful cloud of servers in SSAE16 Audited facilities which provides security protection against malicious attacks like SQL injection and denial of service (DOS) attacks.

    If you use SSL/secure form URL to accept submission, the data transferred from your browser to our server will also be secure. We support high-grade 256-bit encryption.

    You have option where you can select if you want the form data to be secured. You can use the secure / SSL form URL or embed script. 

    Here is a guide on how to receive SSL submissions: http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions

    If you want your form user to know that their data will be sent securely, you can add enable security certificate seal in your form. Here is a guide which you can refer:  http://www.jotform.com/help/131-Enabling-Security-Certificate-Seal-on-Secure-Forms


    As some of the forms are being indexed by Google, I’m not confident the data being collected is not being processed or shared in any other way outside of what’s covered in the privacy policy.

    There is no way to protect the forms from search engines. If the form is linked from a public page, a search engine bot can find it and list it. 


    What you can do is instead of sharing the form URL directly, put the form code on your site, and then share that with others. Then you can use robots.txt to make sure that the form is not listed by search engines. 


    Hope this helps!

    Thank you!