What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Looking for SOC 2 or SOC 3 audits and PII policy

    Asked by bhackett75 on April 20, 2015 at 01:13 PM

    Hello, 

    We are working with TROY University on marketing efforts and are utilizing JotForm for lead generation data capture on 2 marketing landing pages we've developed.  They requested information about the company that is hosting the data. Specifically, they need a data security assurance document that describes how you are handling the data for these prospects as well as your security practices and policies.  We sent them the link to your privacy policy (http://www.jotform.com/privacy/) and they said that was helpful, but what they need in addition to is 'a SOC 2 or SOC 3 audit in addition to PII policy'.  They said they can/will sign a NDA if needed. 

     

     

     

    They are anxious to receive this, so your timely response would be greatly appreciated. 

     

    thanks and please let me know if you have any questions or concerns. 

     

     

    Page URL:
    http://www.troy.edu/spirit/

    JotForm PII policy SOC 2 audit SOC 3 audit
  • Profile Image

    Answered by Ben on April 20, 2015 at 02:30 PM

    I am not personally familiar if our company has these data or not, so I will raise this to proper people and they will reply back to you with the details.

    Based on a quick search I have found these links to answer what the documents actually are:

    Service Organization Controls (SOC): https://en.wikipedia.org/wiki/Service_Organization_Controls

    Personally Identifiable Information (PII): https://en.wikipedia.org/wiki/Personally_identifiable_information

    I am not sure when you have checked this, but we have recently had a change in our Privacy Policy due to addition of Safe Harbor certification details - which might give you a bit more details to the data that you are looking for.

  • Profile Image

    Answered by bhackett75 on April 23, 2015 at 04:58 PM

    Hello - 

    I was wondering if there was any update with gathering the information our Client, TROY University has requested.  Specifically, they need a data security assurance document that describes how you are handling the data for these prospects as well as your security practices and policies.  We sent them the link to your privacy policy (http://www.jotform.com/privacy/) and they said that was helpful, but what they need in addition to is 'a SOC 2 or SOC 3 audit in addition to PII policy'.

     

    Thanks again for your assistance

  • Profile Image

    Answered by Ben on April 23, 2015 at 06:06 PM

    Unfortunately we do not have these documents available and all I can give you is the link to this thread: is JotForm HIPAA Compliant?

    While it is not giving you the info shown within SOC2, SOC3 and PII it will give you additional info about JotForm.

    At this time there is no other documentation to take a look at, but as soon as we add, we will add it to Privacy Policy page.

    Even thought we do not have them, I must tell you that we take security and privacy very seriously and as such, we do everything with these 2 in mind and never without them.

  • Profile Image

    Answered by TLHaydt on October 25, 2016 at 04:53 PM

    Any update on this ??  Is there a SOC2 now available?

  • Profile Image
    JotForm Support

    Answered by Kiran on October 25, 2016 at 10:40 PM

    Unfortunately, there is no update in this regard. We request you to take a look at our Privacy Policy page for any information regarding the data security. As suggested by our colleague in his earlier response, please refer to the link to the thread is-JotForm-HIPAA-Compliant for more information on security.

    Hope this information helps!