Is all form data collected encrypted with the provided public key?

  • Profile Image
    Asked on October 22, 2015 at 04:16 AM
    Is all form data collected encrypted with the provided public key? How long is the form data stored, can it be deleted upon request? 
  • Profile Image
    Answered on October 22, 2015 at 04:24 AM



    In JotForm you have the option to encrypt your forms. Setting your form to encrypted form will give you a public key that you can use to decrypt the submission data of your encrypted form. You can check this article for more information: What are Encrypted Forms and how to use them as expert.


    Do let us know if you need further assistance.

  • Profile Image
    Answered on October 22, 2015 at 09:39 AM

    So if social security numbers are a required form field, jotform should not be used despite the provided encryption?

  • Profile Image
    Answered on October 22, 2015 at 11:42 AM

    Asking for Social Security Numbers is possible, but we have some guidelines that you should check and follow. I will post it here in a moment.


  • Profile Image
    Answered on October 22, 2015 at 11:45 AM

    Please find the below details:

    SSN collection is not illegal. According to this site in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.

    However, some States have imposed restrictions on a business soliciting the SSN.

    Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms  will mention SSNs are considered as a Phishing activity. 

    Therefore, when you do request SSN,  the chances are that our automated phishing detector will flag the form(s)  and suspend the account.  If this happens you'll have to contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).

    These are some examples of businesses that require a Social Security number for legitimate purposes:

    • Insurance companies

    • Credit card companies, lenders, and any other company receiving a credit application from you

    • The three main credit reporting agencies: TransUnion, Equifax, and Experian

    • Any company that sells products or services that require notification to the IRS, including:

    - Investment advisors

    - Banks

    -Real estate purchases

    -Financial transactions over $10,000, such as automobile purchases; and other financial transactions

    Moreover, you need to know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue.

    Please follow these recommendations in order to help us to whitelist your forms:

    1. Embed the form using  SSL method (

    2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.

    Here are some widgets you can add to the form (signature fields): 

    You can also add this Terms of use widget (for the agreement) 

    In conclusion:  If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list above and if you follow the recommendations; then all this will surely make your forms not be considered as guilty of phishing activities.