Data Protection Enquirey

  • Profile Image
    Benjamin Breeden
    Asked on June 23, 2020 at 05:10 AM

    I am interested in procuring JotForms for use in my organisation but need to complete a Data Protection Impact Assessment before this can be done. This process has raised the following questions that need to be answered before procurement will be authorised:

    1. What encryption is being used when the data is in transit and at rest?

    2. What cloud security assurances are given by the provider?

    3. What is the incident management plan for the provider in the event of a cyber attack?

    4. What is the end to end flow of data on the Jotform platform once a form has been submitted?

    Any help in resolving these questions would be much appreciated.

  • Profile Image
    Bojan_J
    Answered on June 23, 2020 at 06:33 AM

    Greetings and thank you for your message.

     1. Regardless of your plan, all your forms are served across a protected 256 bit SSL (Secure Socket Layer) connection that uses a SHA256 Certificate.

     2. We use two different Cloud Platforms to host our servers. Our primary one is Google Cloud and secondary platform servers are hosted in Amazon Web Services (AWS), and they are giving the security assurance.

     3. Unfortunately, I am not able to provide you this information. You are able to send a message to the following email for additional information: security@jotform.com

     4. This depends on different factors in your form. Is your form encrypted, do you have any integrations, are there any Notifications or Autoresponders, and so on. In most cases, the submission is saved to the Jotform servers, and then other actions take place.

    Please let us know if you have any additional questions.