- TreyOlerAsked on April 14, 2011 at 07:17 PM
My forms ask for some pretty sensitive information. I am using https form submissions, but I was wondering how secure the servers are where jotform stores the data??? Is it an encrypted server? How safe is that information on jotform?
Also, I am contemplating using the dropbox/jotform form...How secure are file attachments on jotform? Again, are the files stored on jotform's servers encrypted? Is the file encrypted during the submission process to dropbox?
Please answer ASAP.
- JotForm SupportliyamAnswered on April 14, 2011 at 10:24 PM
We use a 256-bit Godaddy SSL Certificate.
Here is what they say about the security in their FAQ:
All of our SSL certificates support high-grade 256-bit encryption.
The actual encryption strength on a secure connection using a digital certificate is determined by the level of encryption supported by the user's browser and the server that the website resides on. For example, the combination of a Firefox browser and an Apache Web server normally enables up to 256-bit AES encryption with our SSL certificates. This means that depending on the Web browser and Web server that combine to establish the secure connection through one of our SSL certificates, the encryption strength of the secure connection may be 40, 56, 128, or 256 bit.
Dropbox on the other hand is a different service provider that works together with JotForm (http://www.dropbox.com) for the use of file uploading and immediate syncing of files for the form owner's ease of getting all the files submitted using their forms. It is a free service that lets you bring all your photos, docs, and videos anywhere. They are using secure SSL (https://) connections as well and this is what they say about their security encryption:
We take the utmost care to ensure Dropbox is secure. All transport of ﬁle data and ﬁle metadata occurs over SSL. All ﬁles are encrypted with AES-256 before being stored on our backend. These are the same standards that banks and the military use to protect their data!
When using a site that uses SSL, all transfers and communication between the user and the website inside are by default encrypted.
Hope this helps.
If you have any other concerns, please do let us know.
- TreyOlerAnswered on April 15, 2011 at 11:27 AM
So the data stored on jotform's servers is encrypted if using https, correct? Not plain text. I just want to make sure, because I found an old forum post that said the data is stored as plain text, which wouldn't be good for me.
- JotForm SupportmlizAnswered on April 17, 2011 at 10:52 PM
If you use the https on the form the transmission of data is encrypted, however
the data is saved as plain text on our database.
Here is the steps we recommend if you carry highly sensitive data on your forms:
Step 1: Use "https" instead of "http" in your forms. Such as:
Step 2: Log into jotform.com with https on the browser when you need
to access reports:
Step 3: Disable emails on form. On your notification email enter "none" to the recipient address to do that. Since emails are not sent encrypted over the Internet. Only use the secure https://www.jotform.com site to view/download your reports.
Step 4: After downloading the recent submissions, delete the old submissions on Reports. Do not keep them in your account.
Hope this helps.
- JotForm FounderaytekinAnswered on April 18, 2011 at 09:16 AM
When you use https on the URL it only means the data is transferred to JotForm servers encrypted. It is not saved encrypted on our servers. We do everything we can to make sure our servers are secure, firewalled and always patched. However, the form submission data is not saved encrypted on our servers.
- CharlieAnswered on November 09, 2016 at 07:47 AM
Just an update. Our developers have added a new security layer to make your file uploads more secure. You can learn more about it on this blog post: https://www.jotform.com/blog/259-Keeping-Your-Uploads-Secure