Security of JotForms

  • AxMann
    Asked on August 14, 2014 at 11:58 AM

    Hi,
    The company I work for would like to use JotForms, if it supports our requirements. Could you please answer the security-related questions below?

    1 SECURITY
    a Do you have any kind of Security audit or certification?
    i. HIPAA (at least)
    ii. PCI (preferable)
    b Where are your data storage servers (in-house, third party (e.g. Box))
    c Can we collect CREDIT CARD information, but not actually process the cc? I.e. we keep this information as a type of deposit only to be used in the very unlikely event of a client not sending us funds to cover a deal they booked.
    d Can we encrypt certain fields (like Social Security) so that only ***** is ever shown (from form to database), unless a staff member has an encryption key?
    e Email Verification: 2 step (2 form) process:
      a) first form collects the client’s name and email address,
      b) a verification email is sent to that email address containing a link to the main (2nd) form

    Many thanks,
    Axel

     

  • Jeanette JotForm Support
    Replied on August 14, 2014 at 3:08 PM

    Hello Axel, let me answer your questions:

    1     SECURITY
    a     Do you have any kind of Security audit or certification?

    We allow customers to embed a form using our SSL servers in order to get encrypted data through secure submissions. This means the information that flows between two points is encrypted using an asymmetric algorithm. We use a 256-bit GoDaddy SSL Certificate.

    i. HIPAA (at least) Please read this post

    ii. PCI (preferable)

    c Can we collect CREDIT CARD information, but not actually process the cc? I.e. we keep this information as a type of deposit only to be used in the very unlikely event of a client not sending us funds to cover a deal they booked.

    JotForm cannot store credit card information in a PCI-compliant manner. Thus, we disallow collection of any type of financial data using our forms.

    If you would like to accept credit card payments, you can use our ready-made integrations with some of the most popular payment gateways, such as PayPal, Stripe, Authorize.Net, among others.

    http://www.jotform.com/help/47-Order-Form-Basics

    With these integrations, JotForm does not store credit card information and merely transmits them to the chosen gateway (for processing) in a secure manner (SSL).

    d Can we encrypt certain fields (like Social Security) so that only ***** is ever shown (from form to database), unless a staff member has an encryption key?

    e Email Verification: 2 step (2 form) process:
     a) first form collects the client’s name and email address,
     b) a verification email is sent to that email address containing a link to the main (2nd) form

    The answer is no, we do not provide an encryption key; however, you might want to use the source code of the form and hire a programmer to do this job for you so the SSN can be transmitted encrypted. We also do not verify emails. You can enable email confirmation in the email field though.

    For further questions, please open a single thread for each unrelated question, and we will gladly assist you.
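
The two-step email verification flow from question (e), sketched as an added example that is not part of the original thread and is not JotForm code: form 1 collects the address, the server mails a signed, expiring link, and form 2 accepts only a token whose signature checks out. `SECRET`, `TTL_SECONDS`, `FORM2_URL` and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"constructed-demo-key"              # assumption: server-side secret, never sent to clients
TTL_SECONDS = 3600                            # assumption: links expire after one hour
FORM2_URL = "https://forms.example.com/main"  # hypothetical URL of the main (2nd) form

def b64e(data: bytes) -> str:
    """URL-safe base64 without padding, so the token fits in a query string."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: bytes) -> str:
    """HMAC-SHA256 over the payload; only the holder of SECRET can produce it."""
    return b64e(hmac.new(SECRET, payload, hashlib.sha256).digest())

def make_link(email: str, now: Optional[float] = None) -> str:
    """Step (b): build the link mailed to the address entered on form 1."""
    issued = time.time() if now is None else now
    expires = int(issued + TTL_SECONDS)
    payload = f"{email.strip().lower()}|{expires}".encode()
    return f"{FORM2_URL}?t={b64e(payload)}.{sign(payload)}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Form 2: return the verified email, or None if forged, malformed or expired."""
    try:
        body, sig = token.split(".")
        payload = b64d(body)
        # Constant-time comparison of the supplied and recomputed signatures.
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        email, expires = payload.decode().rsplit("|", 1)
        current = time.time() if now is None else now
        if current > int(expires):
            return None
        return email
    except (ValueError, TypeError):
        # Wrong number of parts, bad base64, bad UTF-8 or non-ASCII signature.
        return None

if __name__ == "__main__":
    link = make_link("client@example.com")  # constructed sample address
    print(link)
    print(verify_token(link.split("?t=", 1)[1]))
```

The token is stateless, so the same link keeps working until it expires; making it single-use would require recording redeemed tokens on the server.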