  • Security of JotForms

    Asked by AxMann on August 14, 2014 at 11:58 AM

    Hi,
    The company I work for would like to use JotForms, if it supports our requirements. Could you please answer the security-related questions below?

    1 SECURITY
    a Do you have any kind of Security audit or certification?
    i. HIPAA (at least)
    ii. PCI (preferable)
    b Where are your data storage servers (in-house, third party (e.g. Box))
    c Can we collect CREDIT CARD information, but not actually process the cc? I.e. we keep this information as a type of deposit only to be used in the very unlikely event of a client not sending us funds to cover a deal they booked.
    d Can we encrypt certain fields (like Social Security) so that only ***** is ever shown (from form to database), unless a staff member has an encryption key.
    e Email Verification: 2 step (2 form) process:
      a) first form collects the client’s name and email address,
      b) a verification email is sent to that email address containing a link to the main (2nd) form

    Many thanks,
    Axel

     

  • JotForm Support Manager

    Answered by Jeanette on August 14, 2014 at 03:08 PM

    Hello Axel, let me answer your questions:

    1     SECURITY
    a     Do you have any kind of Security audit or certification?

    We allow customers to embed a form using our SSL servers in order to get encrypted data through secure submissions. This means the information that flows between two points is encrypted using an asymmetric algorithm. We use a 256-bit GoDaddy SSL Certificate.

    i. HIPAA (at least): Please read this post

    ii. PCI (preferable)

    c Can we collect CREDIT CARD information, but not actually process the cc? I.e. we keep this information as a type of deposit only to be used in the very unlikely event of a client not sending us funds to cover a deal they booked.

    JotForm cannot store credit card information in a PCI-compliant manner. Thus, we disallow collection of any type of financial data using our forms.

    If you would like to accept credit card payments, you can use our ready-made integrations with some of the most popular payment gateways, such as PayPal, Stripe, and Authorize.Net, among others.

    http://www.jotform.com/help/47-Order-Form-Basics

    With these integrations, JotForm does not store credit card information and merely transmits it to the chosen gateway (for processing) in a secure manner (SSL).

    d Can we encrypt certain fields (like Social Security) so that only ***** is ever shown (from form to database), unless a staff member has an encryption key.

    e Email Verification: 2 step (2 form) process:
     a) first form collects the client’s name and email address,
     b) a verification email is sent to that email address containing a link to the main (2nd) form

    The answer is no, we do not provide an encryption key. However, you might want to use the source code of the form and hire a programmer to do this job for you so the SSN can be transmitted encrypted. We also do not verify emails. You can enable email confirmation in the email field though.

    For further questions, please open a single thread for each unrelated question, and we will gladly assist you.
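
A sketch of the client-side field encryption that the answer above leaves to a hired programmer, added here as an example; it is not part of the original thread and not JotForm code. It assumes RSA-OAEP through the WebCrypto API, and every function name in it is hypothetical.

```javascript
// Added example; function names are hypothetical, not a JotForm API.
const OAEP = { name: 'RSA-OAEP', hash: 'SHA-256' };

async function getSubtle() {
  // Browsers and recent Node expose WebCrypto globally; older Node via node:crypto.
  const c = globalThis.crypto ?? (await import('node:crypto')).webcrypto;
  return c.subtle;
}

// What form previews and database views display: the digits are never shown.
function maskSsn(ssn) {
  return ssn.replace(/[0-9]/g, '*');
}

// Staff side, once: keep privateKey offline, embed publicJwk in the form page.
async function generateStaffKeyPair() {
  const subtle = await getSubtle();
  const pair = await subtle.generateKey(
    { ...OAEP, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    true, ['encrypt', 'decrypt']);
  return { publicJwk: await subtle.exportKey('jwk', pair.publicKey), privateKey: pair.privateKey };
}

// Browser side, in the submit handler: replace the field value with ciphertext.
async function encryptField(publicJwk, value) {
  const subtle = await getSubtle();
  const key = await subtle.importKey('jwk', publicJwk, OAEP, false, ['encrypt']);
  const ct = await subtle.encrypt({ name: 'RSA-OAEP' }, key, new TextEncoder().encode(value));
  return btoa(String.fromCharCode(...new Uint8Array(ct)));
}

// Staff side: only a holder of the private key recovers the plaintext.
async function decryptField(privateKey, b64) {
  const subtle = await getSubtle();
  const ct = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  const pt = await subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, ct);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const ssn = '000-12-3456'; // constructed sample value, not a real SSN
  const { publicJwk, privateKey } = await generateStaffKeyPair();
  const submitted = await encryptField(publicJwk, ssn);
  const recovered = await decryptField(privateKey, submitted);
  return { shown: maskSsn(ssn), submitted, recovered };
}
```

OAEP padding is randomized, so identical SSNs yield different ciphertexts and cannot be matched by re-encrypting guesses with the public key.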