What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Are https (encrypted) form submissions stored on an ecrypted jotform server?

    Asked by TreyOler on April 14, 2011 at 07:17 PM

    My forms ask for some pretty sensitive information.  I am using https form submissions, but I was wondering how secure the servers are where jotform stores the data??? Is it an encrypted server?  How safe is that information on jotform?

    Also, I am contemplating using the dropbox/jotform form...How secure are file attachments on jotform?  Again, are the files stored on jotform's servers encrypted?  Is the file encrypted during the submission process to dropbox?

     

    Please answer ASAP.

     

    Trey

    Submissions JotForm My Forms dropbox
  • Profile Image
    JotForm Support

    Answered by liyam on April 14, 2011 at 10:24 PM

    Hello Trey,

    We use a 256-bit Godaddy SSL Certificate.

    Here is what they say about the security in their FAQ:

    All of our SSL certificates support high-grade 256-bit encryption.

    The actual encryption strength on a secure connection using a digital certificate is determined by the level of encryption supported by the user's browser and the server that the website resides on. For example, the combination of a Firefox browser and an Apache Web server normally enables up to 256-bit AES encryption with our SSL certificates. This means that depending on the Web browser and Web server that combine to establish the secure connection through one of our SSL certificates, the encryption strength of the secure connection may be 40, 56, 128, or 256 bit.

    Dropbox on the other hand is a different service provider that works together with JotForm (http://www.dropbox.com) for the use of file uploading and immediate syncing of files for the form owner's ease of getting all the files submitted using their forms. It is a free service that lets you bring all your photos, docs, and videos anywhere.  They are using secure SSL (https://) connections as well and this is what they say about their security encryption:

    We take the utmost care to ensure Dropbox is secure. All transport of file data and file metadata occurs over SSL. All files are encrypted with AES-256 before being stored on our backend. These are the same standards that banks and the military use to protect their data!

    When using a site that uses SSL, all transfers and communication between the user and the website inside are by default encrypted.  

    Hope this helps.

    If you have any other concerns, please do let us know.

    Thank you.

  • Profile Image

    Answered by TreyOler on April 15, 2011 at 11:27 AM

    So the data stored on jotform's servers is encrypted if using https, correct?  Not plain text.  I just want to make sure, because I found an old forum post that said the data is stored as plain text, which wouldn't be good for me.

    Thanks.

  • Profile Image
    JotForm Support

    Answered by mliz on April 17, 2011 at 10:52 PM

    Hi,

    If you use the https on the form the transmission of data is encrypted, however
    the data is saved as plain text on our database.

    Here is the steps we recommend if you carry highly sensitive data on your forms:

    Step 1: Use "https" instead of "http" in your forms. Such as:
    https://www.jotform.com/form/form-id-here

    Step 2: Log into jotform.com with https on the browser when you need
    to access reports:
    https://www.jotform.com/

    Step 3: Disable emails on form. On your notification email enter "none" to the recipient address to do that. Since emails are not sent encrypted over the Internet. Only use the secure https://www.jotform.com site to view/download your reports.

    Step 4: After downloading the recent submissions, delete the old submissions on Reports. Do not keep them in your account.

    Hope this helps.

    Regards,
    Mliz

  • Profile Image
    JotForm Founder

    Answered by aytekin on April 18, 2011 at 09:16 AM

    When you use https on the URL it only means the data is transferred to JotForm servers encrypted. It is not saved encrypted on our servers. We do everything we can to make sure our servers are secure, firewalled and always patched. However, the form submission data is not saved encrypted on our servers.

  • Profile Image
    JotForm Support

    Answered by Charlie on November 09, 2016 at 07:47 AM

    Just an update. Our developers have added a new security layer to make your file uploads more secure. You can learn more about it on this blog post: https://www.jotform.com/blog/259-Keeping-Your-Uploads-Secure 

    Thank you.