Is Jotform HIPAA or PCI compliant?

  • Asked on September 22, 2015 at 11:03 AM
  • Answered on September 22, 2015 at 11:56 AM

    Update (April 19, 2018): HIPAA is available for our Gold and Silver plans.


    Please check the link to find out more information on the HIPAA compliance topic:


    With regards to PCI compliance, 


    Update: JotForm is now PCI DSS compliant. We have a PCI Service Provider Level 2 certificate. We'd be happy to provide the certificate to any users who need it for their payment gateway. Just contact our support team.

    Our payment integration APIs are provided by PCI compliant services, which means that we do not process the information; it is transferred securely according to a set of standards by the payment service to their servers. Some of the APIs use methods to collect and encrypt the information. The information is not logged on our servers. Even with our back-end access, we have no access to credit card information submitted. Our APIs transfer the compliance to these services through the API call.

    I hope this helps. Thank you.

  • Answered on August 02, 2016 at 08:57 AM

    JotForm is PCI DSS compliant. We have a PCI Service Provider Level 2 certificate.

  • Answered on April 13, 2018 at 10:03 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month, or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit

  • Answered on April 19, 2018 at 04:14 AM

    Update: HIPAA is available for the Silver plan as well.