What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.

  • Profile Image

    Penetration Testing

    Asked by mrplacid on July 29, 2015 at 05:07 AM

    We are looking to use JotForm for a new project but require that it is penetration tested. Do you have any generic pen test results of the JotForm platform and do you have any objections to us arranging our own penetration test?

  • Profile Image
    JotForm Support

    Answered by Jan on July 29, 2015 at 06:22 AM

    You can run your own penetration test and then please update us what the results are if you find anything. JotForm takes security very seriously.

    - We have bug bounty programs where we pay outside parties for reporting vulnerabilities in our system.
    - Our servers are protected by private networks and constantly updated and patched.
    - Our system administrators have a collective 40+ years of industry experience.
    - Our development team is encouraged to follow best security practices.
    - All data transfer are made of 256-bit SSL secure connection.
    - Our servers are located on SSAE16 Audited facilities.

    You can also check our Privacy Policy Page and Terms of Use.

    If you have any specific questions about security please let us know we are more than happy to answer them. 

  • Profile Image

    Answered by mrplacid on July 29, 2015 at 11:54 AM

    Thanks for your reply. Please can you confirm how many different servers our forms could potentially be hosted on. I am concerned that we could pay to have a particular form pen tested and then the next day the form is hosted on a different server?

  • Profile Image

    Answered by Sammy on July 29, 2015 at 01:49 PM

    We host our forms on 3 different data centers managed by the following providers

    Amazon Web services and Incero.

    You can access the forms from any domain.

    I have forwarded this information to our developers so as to keep them in the loop regarding the upcoming penetration testing from your side


    Here is a list of regions and their respective domains

    United States
    jotform.us  and   jotform.com

    EU (European Union)



    S. America