Keeping the data you collect protected and secure should be one of your top priorities. The people you collect data from trust that it will be safe in your hands. That trust is central in the relationship between you and your customers, clients, or participants.
There’s also a reason why so many laws and regulations surrounding personal data exist, and why the consequences of violating them can be much more than a headache to deal with.
We take security very seriously at Jotform. Our developers have worked on ensuring that our company’s services follow several security guidelines so that the data you store with us is safe. Here, we’ll break down five of the protocols Jotform follows.
What are security protocols?
In a general sense, protocols are sets of standards and guidelines focused on the handling and storage of personal information.
Some of these are legal guidelines that grant privacy rights. They ensure that anyone handling sensitive information about an individual doesn’t violate those rights. These protocols also require high-level security for data like credit card numbers and personally identifiable information.
At Jotform, security is our number one priority. Here are a few protocols we adhere to in order to make sure your data is safe and secure.
1. PCI DSS
The Payment Card Industry Data Security Standard, or PCI DSS, is a set of security standards for credit card processing. These guidelines were developed and set up by the largest credit card companies, including Visa, Mastercard, American Express, JCB (formerly Japan Credit Bureau), and Discover.
Jotform itself doesn’t process payments. Instead, we work with widely trusted payment processors like PayPal, Square, and Stripe. Still, we wanted to make sure we provide the best security possible and pursued PCI certification on top of our partnerships with payment processors.
In fact, Jotform is Provider Level I certified, meaning we’ve attained the highest level of security under PCI standards. As a result, you and your customers can trust that any credit card information you collect with Jotform is in safe hands.
PCI DSS certification applies to Jotform as a whole, so no matter what plan you’re on, you and your data are protected.
The Health Insurance Portability and Accountability Act, known as HIPAA, is a U.S. federal law focused on keeping personal medical information private and protected.
This law applies not just to medical professionals but also any parties involved in handling patient information. For example, if a doctor uses Jotform to collect patient data, Jotform is considered a covered entity that must abide by HIPAA regulations.
Jotform has specific features that add an extra layer of protection to your data.
Let’s say you’re a doctor who wants to streamline your appointment scheduling process. You can use one of Jotform’s HIPAA-friendly form templates and share it with your patients to quickly schedule an appointment. You can further protect your data by requiring a password to access your forms.
You’ll also be able to send intake and consent forms that require a patient’s e-signature with Jotform Sign.
Jotform’s HIPAA features are available on Gold and Enterprise plans.
GDPR, which stands for the General Data Protection Regulation, focuses on how the personal data of European Union residents is collected and handled. This regulation applies to any entities that collect data on EU residents, even if a company isn’t based in the EU.
While we’ve worked hard to follow GDPR’s standards, we also want to keep compliance simple for our users.
The Jotform Data Processing Addendum, otherwise known as DPA, is a document signed by Jotform that shows you how to use our services in a GDPR-compliant manner.
This document conveys your responsibilities as the data controller and ours as the data processor. All you have to do is submit your company’s information and your signature on its behalf. Learn more about the DPA here.
You can maintain GDPR compliance while using Jotform in a variety of ways. For instance, if a U.S. nonprofit uses Jotform to collect donations from European residents, the organization can sign the addendum and store their data on our EU servers.
You can use Jotform in a GDPR-compliant way, regardless of what plan you’re on.
The Family Educational Rights and Privacy Act, abbreviated as FERPA, is a U.S. federal law that gives parents the right to access their children’s academic records and request changes to said records.
Under FERPA, a child’s data can’t be shared without the parent’s written consent. Once a student turns 18 or graduates high school, whichever comes first, these rights are transferred to the student.
If you’re an educator who wants to send a letter of recommendation to a potential employer on behalf of a student, you’ll need written consent from the student or their parents. Luckily, Jotform has online FERPA consent form templates for this and other purposes.
Since FERPA’s language can be complicated, Jotform provides a guide that breaks it down.
All Jotform users can use our features in a FERPA-compliant way as long as they protect student privacy.
5. SOC 2
System and Organization Controls 2, or SOC 2, lays out security guidelines for Software-as-a-Service (SaaS) companies. Although following SOC 2 is voluntary, our efforts to do so underscore our dedication to upholding security measures.
Jotform has made sure to adhere to the five SOC 2 Trust Service Principles: security, confidentiality, availability, privacy, and processing integrity. We incorporate these principles into our systems with several features, including password protection and form encryption.
Enterprise companies that collect sensitive data should always prioritize security. With Jotform, you’ll be able to protect information by setting up password protection and data encryption so data remains accessible only to authorized users. You can also opt to have your servers provisioned in our SOC 2-compliant environment to ensure maximum security.
SOC 2 compliance features are available to Enterprise users only.
Jotform is dedicated to maintaining your data’s security
Protecting your data will always remain our top priority, no matter how you use Jotform. The five security protocols discussed here are just a few of the measures we take to keep your data safe. Our developers are continuously looking for new ways to improve security.
For example, Jotform’s safety features go beyond compliance. If you want to increase the security of your forms even more, you have the option to add CAPTCHA verification or restrict repeated IP addresses to prevent spam. You can also restrict access to the data you collect through your forms with our recently improved form encryption.
Whenever you use Jotform, rest assured that we have multiple measures to safeguard your data and will always put security at the top of our list — another reason why we’re the best option for you.
Thank you for helping improve the Jotform Blog. 🎉