- weboriginationAsked on March 14, 2012 at 01:55 PM
Hello. I have a client who has asked me the below question. Can you please provide the answers to these questions?
Is our data on Jotform encrypted on their servers. Do you know anything about this topic?
To be acceptable, if the data is encrypted, Jotform cannot have direct access to our forms. Essentially, the completed forms are protected by our login information.
If this data is not encrypted, and is just sitting on their servers, it is in direct violation of HIPAA and HITECH, which is a problem for us. So if it is not already encrypted, do they allow the use of a third party encryption software such as TrueCrypt?
I know that JotForm, as the owner / administrator of the server, obviously has "access" to any/all information on your servers. So, I'm wondering if this will violate the HIPPA requirements?
- gori-mathewAnswered on March 14, 2012 at 02:05 PM
As per Jotform's co-founder, Aytekin:
When you use https on the URL it only means the data is transferred to JotForm servers encrypted. It is not saved encrypted on our servers. We do everything we can to make sure our servers are secure, firewalled and always patched. However, the form submission data is not saved encrypted on our servers.
If you are planning to buy multiple Jotform subscriptions though, you might want to take a look at our Licensing Solutions, particularly JotForm Application. I think if you host the application yourself, there might be a way to have the submissions saved encrypted in your server.
Please send an email to firstname.lastname@example.org as we dont share much our data security details.
Let me know if you need more information regarding that.