What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.

  • Profile Image

    Form limit, security and storage

    Asked by Paul  on September 19, 2015 at 01:57 PM


    If one needed more than 100,000 submission per month how will the cost be calculated?

    When a form required a social security number is it stored on your system somewhere or any other information?



  • Profile Image
    JotForm Support

    Answered by Welvin on September 20, 2015 at 01:27 PM

    Hi Paul,

    We have a Platinum Plan which will cost you $499 USD per month. With limits such as 10 Million Submissions per month. 1TB of File Storage. 100 Sub User Accounts.



    All form data is stored to our servers. They are secured and we can guarantee you that matter. As for collecting SSN, we have some guidelines for that (will follow up for that information).


  • Profile Image
    JotForm Support

    Answered by Welvin on September 20, 2015 at 01:30 PM

    Hi Paul,

    Please find our guidelines below for collecting SSN in the form:

    SSN collection is not illegal. According to this site https://www.privacyrights.org/my-social-security-number-how-secure-it#11  in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.

    However, some States have imposed restrictions on a business soliciting the SSN.

    Online form builders, including JotForm have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms  will mention SSNs are considered as a Phishing activity. 

    Therefore, when you do request SSN, the chances are that our automated phishing detector will flag the form(s)  and suspend the account.  If this happens you'll have to contact support to white list the form and reactivate the account, explaining the purposes of the form(s).

    These are some examples of businesses that require a Social Security number for legitimate purposes:

    • Insurance companies

    • Credit card companies, lenders, and any other company receiving a credit application from you

    • The three main credit reporting agencies: TransUnion, Equifax, and Experian

    • Any company that sells products or services that require notification to the IRS, including:

    - Investment advisors

    - Banks

    -Real estate purchases

    -Financial transactions over $10,000, such as automobile purchases; and other financial transactions

    Moreover, you need to know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue.

    Please follow these recommendations in order to help us to whitelist your forms:

    1. Embed the form using  SSL method (http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions)

    2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.

    Here are some widgets you can add to the form (signature fields): http://widgets.jotform.com/search/signature 

    You can also add this Terms of use widget (for the agreement) http://widgets.jotform.com/widget/scrollable_text 

    In conclusion:  If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list above and if you follow the recommendations; then all this will surely make your forms not be considered as guilty of phishing activities.