Encryption

natsteeljk

Asked on February 5, 2020 at 2:04 AM

Hello,

I would like to check with you regarding the encryption of forms and signatures.

As I am designing a form with e-signature, I would like to understand how are signatures and forms' responses saved as encrypted format? I understand that due to PDPA, employees’ signature in the database must be encrypted. Can you please advise if all the signatures were saved as encrypted format?
mertcankat

Replied on February 5, 2020 at 8:36 AM

Hi,

Yes, all e-signatures saved as encrypted format.

If you want another layer of security on top of the already secured forms and submissions we offer, you can check Encrypted Forms. Please check this guide for more information: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

Also you can upgrade your account to Silver or Gold for HIPAA Compliance.
JoeyKoh

Replied on February 6, 2020 at 7:30 PM

Hi,

Just to confirm, both the e-signature's file and the PDF copy of the responses will be saved in encrypted format?
Joeykoh96

Replied on February 6, 2020 at 7:58 PM

Hi,

Is it possible to encrypt only the e-signature in JotForm database?

We would like to understand how JotForm manage the e-Signature at the backend, if we use unencrypted forms?
VincentJay

Replied on February 6, 2020 at 9:44 PM

Just to confirm, both the e-signature's file and the PDF copy of the responses will be saved in encrypted format?

If you enable the Encryption to your form, yes, all data will be encrypted and only you can decrypt it using a JotForm key. For more information, please check this guide: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

Is it possible to encrypt only the e-signature in the JotForm database?

No, you can only do that if you're a HIPAA account. You can choose what field you want to be encrypted. Here's a link for more information: https://www.jotform.com/help/518-How-to-set-PHI-fields-on-your-forms

We would like to understand how JotForm manages the e-Signature at the backend if we use unencrypted forms?

I would suggest to try it on your end to see what you want to achieve.

You can also check our Security page: https://www.jotform.com/security/

Do you want to collect the E-signature but you do not want to save it on our server? Could you please provide more information on what you want to achieve?
Joeykoh96

Replied on February 6, 2020 at 10:39 PM

Hi,

We would like to understand how are these responses stored on JotForm database.

Is JotForm able to read our responses? How are these files "encrypted" or managed to ensure that these data are not accessible by anyone else other than my account?
AshtonP

Replied on February 7, 2020 at 2:07 AM

We would like to understand how are these responses stored on JotForm database. Is JotForm able to read our responses? How are these files "encrypted" or managed to ensure that these data are not accessible by anyone else other than my account?

Submission data is stored in a secure format and no one else can read it. Submissions are encrypted with high-grade RSA 2048 right at the user's computer then transferred and stored in our servers securely.

You are the only one holding the private key- nobody except you can access your data. Notifications will alert you when an encrypted response is received, and you can use your private key to read them.

I suggest you please read these articles for more details:

Link 1: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them#What-Is-the-Difference-Between-a-Secure-Form-and-an-Encrypted-Form

Link 2: https://www.jotform.com/security/

Hope this helps! Let us know if you need additional assistance.
natsteelhr

Replied on February 7, 2020 at 2:23 AM

Hi,

Thank you for your responds. As I understand that by encrypting my forms with a private key, it creates the potential risk of losing my responses if I lost the key.
Without Encrypting the files, may I understand if the "Submission data is stored in a secure format and no one else can read it. Submissions are encrypted with high-grade RSA 2048 right at the user's computer then transferred and stored in our servers securely" still works?
VincentJay

Replied on February 7, 2020 at 5:05 AM

As I understand that by encrypting my forms with a private key, it creates the potential risk of losing my responses if I lost the key.

- This is correct. Please keep your JotForm key safe.

Without Encrypting the files, may I understand if the "Submission data is stored in a secure format and no one else can read it? Submissions are encrypted with high-grade RSA 2048 right at the user's computer then transferred and stored in our servers securely" still works?

- It is secured as long as you do not share your JotForm account with others. To view your submissions, please follow this guide: https://www.jotform.com/help/269-How-to-View-Form-Submissions

If you do not want us to store your submission data, we have an app that will delete all incoming submission data immediately.

You can store your submission data to your Google Spreadsheet or you can check all submission data to your notification email.

Related guides:

https://www.jotform.com/help/228-How-to-Integrate-Forms-with-Google-Sheets

https://www.jotform.com/help/25-Setting-up-Email-Notifications
natsteelhr

Replied on February 16, 2020 at 9:31 PM

Hello,

Can you help me understand for the responses and e-signatures for forms that are not encrypted, how are they saved in JotForm server? We would like to understand, how we can be sure that jotform cannot access these responses and signatures.

Thank you.
AshtonP

Replied on February 16, 2020 at 11:45 PM

As mentioned earlier, the submission data is stored in a secure format and no one else can read it. The data is not being shared with any third parties and we do not access it for non-administrative reasons.

However, please note that anyone with your account access credentials will be able to see/modify the submission data. So please do not share your credentials with anyone.

Feel free to reach us if you have any further questions.