What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    How does JotForm secure data at rest?

    Asked by dcer on July 02, 2014 at 01:23 PM

    JotForm allows forms to be served via TLS/SSL (HTTPS) for protection of data in transit over the Internet. This is good, but is not the aspect of security I am inquiring about.

    Please address whether the collected form submission data at rest is encrypted on JotForm disk storage and backups. In 2011, JotForm stated that the data was stored in plain text. [1]  Has that changed? If not, I would like to submit secure storage as a feature request, as this would increase confidence in your service for forms that collect private information.

    Thank you.

    [1] http://www.jotform.com/answers/24312-Data-Encryption

    encryption SSL https security
  • Profile Image
    JotForm Support

    Answered by jonathan on July 02, 2014 at 05:01 PM

    Hi Daniel,

    I just checked this also among my colleague just to be sure I am giving you the correct information.

    And, as it is now, we still do NOT encrypt anything on our end. It still is as it was before.

    Only the data in-transit should be encrypted due to the SSL protection.

    But the rest, like the data and the email content, they are not encrypted.

    Hope this help Inform us if you have further question.

    Thanks!

     

  • Profile Image

    Answered by dcer on July 02, 2014 at 07:00 PM

    Hi Jonathan,

    Thank you for verifying this and giving me a prompt, clear answer.

    My concern is that if JotForm were ever to suffer a compromise, or if disks or backup media were not fully erased when retired, then submitted form data would be at risk of unauthorized disclosure. That is why I prefer a defense in depth approach for safeguarding sensitive information.

    Regards,

    Daniel

  • Profile Image
    JotForm Support

    Answered by steve on July 02, 2014 at 07:17 PM

    Hi Daniel,

    Thanks for the feedback. Our team will evaluate whether we will offer this service in the future.

    Kind Regards,

    -Steve

  • Profile Image

    Answered by dcer on July 02, 2014 at 07:27 PM

    Hi Steve,

    Thank you for considering this.

    Best,

    Daniel