Encryption

  • Profile Image
    natsteeljk
    Asked on February 05, 2020 at 02:04 AM

    Hello,

    I would like to check with you regarding the encryption of forms and signatures.

    As I am designing a form with e-signature, I would like to understand how are signatures and forms' responses saved as encrypted format? I understand that due to PDPA, employees’ signature in the database must be encrypted. Can you please advise if all the signatures were saved as encrypted format?  

  • Profile Image
    mertcankat
    Answered on February 05, 2020 at 08:36 AM

    Hi,

    Yes, all e-signatures saved as encrypted format.

    If you want another layer of security on top of the already secured forms and submissions we offer, you can check Encrypted Forms. Please check this guide for more information: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    Also you can upgrade your account to Silver or Gold for HIPAA Compliance.

    1580907140Screen Shot 2020-02-05 at 15.4

  • Profile Image
    JoeyKoh
    Answered on February 06, 2020 at 07:30 PM

    Hi,

    Just to confirm, both the e-signature's file and the PDF copy of the responses will be saved in encrypted format?

  • Profile Image
    Joeykoh96
    Answered on February 06, 2020 at 07:58 PM

    Hi,

    Is it possible to encrypt only the e-signature in Jotform database?

    We would like to understand how Jotform manage the e-Signature at the backend, if we use unencrypted forms?

  • Profile Image
    VincentJay
    Answered on February 06, 2020 at 09:44 PM

    Just to confirm, both the e-signature's file and the PDF copy of the responses will be saved in encrypted format?

    If you enable the Encryption to your form, yes, all data will be encrypted and only you can decrypt it using a Jotform key. For more information, please check this guide: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    Is it possible to encrypt only the e-signature in the Jotform database?

    No, you can only do that if you're a HIPAA account. You can choose what field you want to be encrypted. Here's a link for more information: https://www.jotform.com/help/518-How-to-set-PHI-fields-on-your-forms

    We would like to understand how Jotform manages the e-Signature at the backend if we use unencrypted forms?

    I would suggest to try it on your end to see what you want to achieve. 

    You can also check our Security page: https://www.jotform.com/security/

    Do you want to collect the E-signature but you do not want to save it on our server? Could you please provide more information on what you want to achieve?

  • Profile Image
    Joeykoh96
    Answered on February 06, 2020 at 10:39 PM

    Hi,

    We would like to understand how are these responses stored on Jotform database.

    Is Jotform able to read our responses? How are these files "encrypted" or managed to ensure that these data are not accessible by anyone else other than my account?

  • Profile Image
    AshtonP
    Answered on February 07, 2020 at 02:07 AM

    We would like to understand how are these responses stored on Jotform database. Is Jotform able to read our responses? How are these files "encrypted" or managed to ensure that these data are not accessible by anyone else other than my account?

    Submission data is stored in a secure format and no one else can read it. Submissions are encrypted with high-grade RSA 2048 right at the user's computer then transferred and stored in our servers securely.

    You are the only one holding the private key- nobody except you can access your data. Notifications will alert you when an encrypted response is received, and you can use your private key to read them.

    I suggest you please read these articles for more details:

    Link 1: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them#What-Is-the-Difference-Between-a-Secure-Form-and-an-Encrypted-Form

    Link 2: https://www.jotform.com/security/

    Hope this helps! Let us know if you need additional assistance.

  • Profile Image
    natsteelhr
    Answered on February 07, 2020 at 02:23 AM

    Hi,

    Thank you for your responds. As I understand that by encrypting my forms with a private key, it creates the potential risk of losing my responses if I lost the key.
    Without Encrypting the files, may I understand if the "Submission data is stored in a secure format and no one else can read it. Submissions are encrypted with high-grade RSA 2048 right at the user's computer then transferred and stored in our servers securely" still works?


  • Profile Image
    VincentJay
    Answered on February 07, 2020 at 05:05 AM

    As I understand that by encrypting my forms with a private key, it creates the potential risk of losing my responses if I lost the key.

    - This is correct. Please keep your Jotform key safe. 

    Without Encrypting the files, may I understand if the "Submission data is stored in a secure format and no one else can read it? Submissions are encrypted with high-grade RSA 2048 right at the user's computer then transferred and stored in our servers securely" still works?

    - It is secured as long as you do not share your Jotform account with others. To view your submissions, please follow this guide: https://www.jotform.com/help/269-How-to-View-Form-Submissions

    If you do not want us to store your submission data, we have an app that will delete all incoming submission data immediately. 

    You can store your submission data to your Google Spreadsheet or you can check all submission data to your notification email.

    Related guides:

    https://www.jotform.com/help/228-How-to-Integrate-Forms-with-Google-Sheets

    https://www.jotform.com/help/25-Setting-up-Email-Notifications

  • Profile Image
    natsteelhr
    Answered on February 16, 2020 at 09:31 PM

    Hello,

    Can you help me understand for the responses and e-signatures for forms that are not encrypted, how are they saved in Jotform server? We would like to understand, how we can be sure that jotform cannot access these responses and signatures.


    Thank you.

  • Profile Image
    AshtonP
    Answered on February 16, 2020 at 11:45 PM

    As mentioned earlier, the submission data is stored in a secure format and no one else can read it. The data is not being shared with any third parties and we do not access it for non-administrative reasons. 

    However, please note that anyone with your account access credentials will be able to see/modify the submission data. So please do not share your credentials with anyone.

    Feel free to reach us if you have any further questions.