Clarification on the Terms of Service

The Terms of service state that "You may not use the JotForm Service to collect certain types of sensitive information including credit card information".  However, the form builder assists customers in the process of collecting card information, which seems to contradict the terms and conditions.   Can you please clarify?

On a related topic, we plan to collect debit card information including card number.  How long does JotForm keep that data before destroying it?  Can I specify 7 days for example?

Finally, the terms and conditions under the "Forms and Submissions" section states that "you grant JotForm, Inc. a worldwide and fully sublicensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform, and publicly display your Forms and Submissions (in whole or in part) in any format or medium...."   

     - Does this give JotForms full access to sensitive customer information, such as debit card payment information?

For security of the card data, which JotForms service would you recommend?

Thank you.

Due to our PCI certification, we are required to deny the collection of credit card details on regular forms.

However, we have other PCI-compliant ways to do this. All you need to do is choose any of the payment processors available in our platform in order to integrate in your forms. You still won't be able to collect credit card details directly though.

If you only want to collect your customer's payment details and charge them at a later date, you can take advantage of a feature called "Payment Authorization". To learn more, kindly follow this guide on How to Enable Payment Authorization.

How long does Jot Form retain the data that is submitted in the form?  Can we set the data retention to 7 days?   How is the data destroyed?   

Finally, the terms and conditions under the "Forms and Submissions" section states that "you grant JotForm, Inc. a worldwide and fully sublicensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform, and publicly display your Forms and Submissions (in whole or in part) in any format or medium...."   

     - Does this give JotForms full access to sensitive customer information, such as debit card payment information?

For security of the card data, which JotForms service would you recommend?

Your data will be kept forever but you can delete the data manually anytime you want. Guide: https://www.jotform.com/help/377-How-to-Delete-Form-Submission-Data

We only access submissions data for administrative purposes with your consent, Ex. when providing customer support that involves data checking and verification.

Just to clarify further on the credit card collection, this is extremely prohibited so it is not allowed to use standalone input fields to collect credit card details. You must use any of the payment integrations e.g. Paypal to process payments securely. Some of the payment integrations have built-in credit card fields but these are not stored into our server. They are passed directly through payment gateways API where payments are handled.

Thanks for clarifying.    Which JotForm service would provide the following:

   - Secure (SSL/Encrypted) data entry

   - Electronic signature at the bottom of the form

   - Report that shows when the form was submitted

   - Secure storage of the completed forms (Access granted only to our staff)

 Thanks!

Those are all provided by JotForm.

1. We provide SSL forms (HTTPS) by default

2. We have signatures widgets that you can add in your form https://widgets.jotform.com/search/signature

3. You will receive email notifications when your form is submitted http://www.jotform.com/help/41-Finding-out-E-mail-Address-used-for-submission-notifications

4. All data are stored on a secure server.

To learn more about JotForm security, check this page https://www.jotform.com/security/