Can I collect bank and sensitive information in a normal form?