Per the TrustedForm EULA, the TrustedForm service may not be used to capture sensitive consumer data. Examples of sensitive data include credit card numbers, bank account numbers, social security numbers (SSNs), and driver license numbers. If you place the TrustedForm script on a site that collects sensitive data, you must flag these fields as such with this feature.
How Do I Protect Fields with Sensitive Data Flagging?
TrustedForm allows you to flag any or all sensitive fields of consumer data. When this feature is used, we apply a cryptographic hash to the flagged fields, making it infeasible for anyone, including us, to store, retrieve, reverse-engineer, or utilize the data that was volunteered by the End User in that flagged data field.
When a TrustedForm VideoReplay is viewed, the data in a flagged field will be seen only as a series of asterisks. In order for you to protect sensitive data and still have a recognizable certificate for compliance, we recommend only flagging fields that truly collect sensitive data.
Flagging Individual Fields as Sensitive Data
By default, no fields are considered sensitive by the TrustedForm script. If you use the TrustedForm script as provided and do not flag any fields as sensitive, the script will capture any fields filled out while the script is active on the page.
To protect data, flag the individual sensitive fields as follows:
An example field would look like:
<input type="text" name="ssn" data-tf-sensitive="true" />
Treating All Fields as Sensitive Data
TrustedForm also supports the ability to treat all fields as sensitive data. When this option is selected, you can flag individual fields that you don't want to be treated as sensitive.
When the invertFieldSensitivity variable toggle is enabled, you must explicitly mark fields you want TrustedForm to capture like so:
<input type="text" name="phone" data-tf-sensitive="false" />
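The following pre-deployment check is an added example, not part of TrustedForm's documentation or code. It audits a form's markup in both modes described above and reports fields whose names suggest sensitive data but would be captured unhashed, plus flags whose value is not exactly true or false (for instance when curly quotes are pasted into the attribute). The name heuristic, the helper names and the strict value matching are assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: field names suggesting the sensitive data types the page lists.
SENSITIVE_HINT = re.compile(r"ssn|social|card|cvv|account|routing|licen[sc]e", re.I)

class FlagAudit(HTMLParser):
    """Collects (field_name, issue) pairs for form fields that need attention."""

    def __init__(self, invert=False):
        super().__init__()
        self.invert = invert      # True when invertFieldSensitivity is enabled
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        a = dict(attrs)
        name = a.get("name") or a.get("id") or "(unnamed)"
        flag = a.get("data-tf-sensitive")
        if flag is not None and flag not in ("true", "false"):
            # Assumption: only exact values count; curly quotes end up inside the value.
            self.findings.append((name, "malformed-flag"))
            return
        # Default mode: hashed only when flagged "true".
        # Inverted mode: hashed unless flagged "false".
        hashed = (flag != "false") if self.invert else (flag == "true")
        if not hashed and SENSITIVE_HINT.search(name):
            self.findings.append((name, "unprotected"))

def audit(html, invert=False):
    parser = FlagAudit(invert)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample form, not taken from a real site.
SAMPLE = """
<form>
  <input type="text" name="first_name" />
  <input type="text" name="ssn" data-tf-sensitive="true" />
  <input type="text" name="card_number" />
  <input type="text" name="drivers_license" data-tf-sensitive=“true” />
  <input type="text" name="routing_number" data-tf-sensitive="false" />
  <input type="text" name="phone" data-tf-sensitive="false" />
</form>
"""
```

Call audit(SAMPLE) for the default mode and audit(SAMPLE, invert=True) when all fields are treated as sensitive; an empty list means no field matched the heuristic unprotected.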