- dcerAsked on July 02, 2014 at 01:23 PM
JotForm allows forms to be served via TLS/SSL (HTTPS) for protection of data in transit over the Internet. This is good, but is not the aspect of security I am inquiring about.
Please address whether the collected form submission data at rest is encrypted on JotForm disk storage and backups. In 2011, JotForm stated that the data was stored in plain text.  Has that changed? If not, I would like to submit secure storage as a feature request, as this would increase confidence in your service for forms that collect private information.
- JotForm SupportjonathanAnswered on July 02, 2014 at 05:01 PM
I just checked this also among my colleague just to be sure I am giving you the correct information.
And, as it is now, we still do NOT encrypt anything on our end. It still is as it was before.
Only the data in-transit should be encrypted due to the SSL protection.
But the rest, like the data and the email content, they are not encrypted.
Hope this help Inform us if you have further question.
- dcerAnswered on July 02, 2014 at 07:00 PM
Thank you for verifying this and giving me a prompt, clear answer.
My concern is that if JotForm were ever to suffer a compromise, or if disks or backup media were not fully erased when retired, then submitted form data would be at risk of unauthorized disclosure. That is why I prefer a defense in depth approach for safeguarding sensitive information.
- JotForm SupportsteveAnswered on July 02, 2014 at 07:17 PM
Thanks for the feedback. Our team will evaluate whether we will offer this service in the future.
- dcerAnswered on July 02, 2014 at 07:27 PM
Thank you for considering this.