Flagging Sensitive Data Fields


Per the TrustedForm EULA, the TrustedForm service may not be used to capture sensitive consumer data. Examples of sensitive data include credit card numbers, bank account numbers, social security numbers (SSNs), and driver license numbers. If you place the TrustedForm script on a site that collects sensitive data, you must flag these fields.

How Do I Protect Fields with Sensitive Data Flagging?

TrustedForm allows you to flag any or all sensitive fields of consumer data. When this feature is used, we apply a cryptographic hash to the flagged fields making it infeasible for anyone, including us, to store, retrieve, reverse-engineer, or utilize the data that was volunteered by the End User in that flagged data field.

When a TrustedForm video replay is viewed, the data in a flagged field will be seen only as a series of asterisks. In order for you to protect sensitive data and still have a recognizable certificate for compliance, we recommend only flagging fields that truly collect sensitive data.


Flagging Individual Fields as Sensitive Data

By default, fields data collected in form inputs is not considered sensitive by the TrustedForm script. If you use the TrustedForm script as provided and do not flag any fields as sensitive, the script will capture any fields filled out while the script is active on the page.

To protect data, flag the individual, sensitive fields as follows:


An example field would look like:

<input type="text" name="ssn" data-tf-sensitive="true" />

Flagging Images as Sensitive Data

By default, all images on the page are captured as part of the video replay. If you wish to hide an image on the page, you may use the data-tf-sensitive="true" attribute on the image tag. The image will be replaced by a placeholder that indicates it has been hidden by you.

An example image would look like:

<img src="graphic.jpg" data-tf-sensitive="true" />

Treating All Fields as Sensitive Data

TrustedForm also supports the ability to treat all fields as sensitive data. When this option is selected, you can flag individual fields that you don't want to be treated as sensitive.

In order to switch to this option, toggle the invertFieldSensitivity variable in the TrustedForm script to true.

When the invertFieldSensitivity variable toggle is enabled, you must explicitly mark fields you want TrustedForm to capture:

<input type="text" name="phone" data-tf-sensitive="false" />


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


You must be logged in to comment.