- Prospect, asked on November 17, 2017 at 04:49 PM
My forms will have sensitive information. I can only store in my database on my server...
- JotForm Support Jim_R, answered on November 17, 2017 at 05:36 PM
Hello Todd - Yes, we store all your submissions data. All submissions on your form are gathered within your form's SUBMISSION PAGE.
Security-wise, I can honestly say that we're providing the best in the online form builder industry. JotForm is PCI DSS Service Provider Level I Compliant which means we’ve passed several tests required for certification. This includes a penetration test, internal scan, and an annual report on compliance by a third party security assessor, among other requirements.
Also, the Forms and Submissions are transmitted securely with 256-bit high-grade encryption, which means that data is encrypted during the transmission and cannot be interrupted by anyone else. We have an SSL certificate that uses SHA256 with RSA encryption which you can test here if necessary.
Related article: All-Forms-are-Now-Secured-by-Default
If you prefer to store your submissions to your own database, this has to be done outside JotForm with the help of your developer. He can create his own PHP script to send the submission data to your MySQL database.
Complete guide: How-to-send-Submissions-to-Your-MySQL-Database-Using-PHP
And if that's not an option, or if you don't have a developer that can program this for you, using Zapier as the middleman is a good alternative.
- Prospect, answered on November 17, 2017 at 05:43 PM
Thanks for the detailed response. The forms are for a health insurance agency and need to be HIPAA compliant. Your response says the data is encrypted during transfer, but what about at rest in your systems?
- JotForm Support Jim_R, answered on November 17, 2017 at 06:08 PM
JotForm isn't HIPAA compliant but can be used in a HIPAA compliant way. Please check this thread for an in-depth discussion.
It's worth mentioning that BAAs are available upon request for Enterprise Plan users only. If you're interested in this tier, kindly go to the page below, click the CONTACT JOTFORM button and fill out the form so our Sales Team can get in touch with you.
"Your response says the data is encrypted during transfer, but what about at rest in your systems?"
To encrypt stored data (at rest) you can enable FORM ENCRYPTION. While a secure HTTPS form encrypts data in transfer, an encrypted form encrypts the stored data on top of that. There is no way to decrypt the stored submission data without the correct private key. For ultimate security, we do not store the private keys on our end when you use encrypted forms.
We have an FAQ page that covers most questions related to form encryption so if you have time, kindly review the guide below.
Complete guide: What-Are-Encrypted-Forms-and-How-to-Use-Them
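The following is an added example, not JotForm's code and not part of the original thread: a sketch of the general pattern the last answer describes, where each submission is encrypted to a public key and the stored record cannot be read without the private key that stays with the form owner. The hybrid RSA-OAEP plus AES-256-GCM scheme, the function names and the sample record are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Form owner generates the key pair and keeps the private key off the server.
function generateOwnerKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs where the form is filled in: only the public key is needed.
function encryptSubmission(publicKey, fields) {
  const dataKey = crypto.randomBytes(32);   // fresh AES-256 key per submission
  const iv = crypto.randomBytes(12);        // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(fields), 'utf8'), cipher.final()]);
  return {                                  // this record is all the server stores
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Runs on the owner's machine: unwrap the data key, then authenticate and decrypt.
function decryptSubmission(privateKey, record) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(record.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const plain = Buffer.concat([decipher.update(Buffer.from(record.ciphertext, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Returns true when decryption is refused (wrong private key or modified record).
function decryptionFails(privateKey, record) {
  try { decryptSubmission(privateKey, record); return false; } catch (e) { return true; }
}

// Constructed sample submission, not real data.
const owner = generateOwnerKeys();
const stored = encryptSubmission(owner.publicKey, { name: 'Jane Example', memberId: 'TEST-0001' });
console.log(Object.keys(stored), decryptSubmission(owner.privateKey, stored));
```

In this model, losing the private key means the stored submissions are unrecoverable, so key backup and access control on the owner's side become part of the data-protection plan.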