JotForm and CCPA Compliance
The California Consumer Privacy Act (CCPA) protects California consumers by requiring businesses to handle their online and offline data in a responsible manner. JotForm takes data security very seriously, and as such, we are CCPA compliant and never sell personal information to third-party organizations.
What is CCPA compliance?
The California Consumer Privacy Act (CCPA) is a bill created to protect consumers and enhance privacy rights for residents of California. Consumer protections under the act include the right to opt out of the sale of their personal data, and the right to access or delete their personal data.
What kind of personal data is collected by JotForm?
How does JotForm use your personal information?
JotForm treats your personal information as private and never sells any user data to third-party organizations, which includes your registration information, billing information, account settings and any form data that you collect. Your form data is owned by you, and we will never use it for purposes unrelated to our services, except for a limited set of circumstances (e.g. if JotForm is compelled to by a subpoena, or you give us permission to do so). We also safeguard email addresses and store form data on our secure servers located in the United States.
Right to Opt-Out of the Sale of Information
In accordance with CCPA policy, JotForm never sells or shares your personal information without your permission. Although we do not sell or share your personal information, you may fill out a form to opt out of us ever doing so.Opt-Out
Questions & Answers
Find answers to our most frequently asked security-related questions.
When will the CCPA go into effect?
The CCPA will be effective as of January 1, 2020, and enforcement action will start taking place on July 1, 2020. However, the law requires that companies must be able to provide users with all the data they collect within the previous 12 months upon request, which means businesses need to have a data tracking system in place before the effective date of the law.
Who and what does the CCPA protect?
The CCPA protects the privacy of California consumers by giving them the right to access and delete their personal data and decline the sale of it and requires companies to be upfront about what they do with consumer data they collect. The term “consumers” apply to California residents both currently in the state and travelling outside of it.
What are CCPA Consumer Rights?
Under the CCPA, consumers are granted the right to know exactly how businesses and qualified third parties handle their data. Consumers may make "verified consumer requests" and obtain a copy of the personal information collected about them. They may also request a business to delete their personal information unless that data is necessary for contracts or transaction and are given the right to opt out of the sale of their information. Businesses cannot discriminate against customers who choose to opt out, nor can they ask them to limit their rights via a contract.
How does the CCPA compare to the GDPR?
Although the GDPR applies to EU citizens and the CCPA to California residents, both of them protect consumers in similar ways. Both forms of compliance
- Apply to a broad range of companies and are not limited to specific industries,
- Apply to personal information collected online and offline,
- Require businesses to provide detailed explanations of how they use the personal information they collect,
- Require businesses to notify consumers of their right to access information held about them,
- Require businesses to notify consumers of their right to have their information deleted,
- Require businesses to describe the entities that they sell information to.
In addition, CCPA compliance protects consumers further by
- Requiring businesses to include a “Do not sell my personal information” link on their websites and privacy notices
- Requiring businesses to describe the information that they share with service providers