JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Is all form data collected encrypted with the provided public key?Asked by Saul on October 22, 2015 at 04:16 AMIs all form data collected encrypted with the provided public key? How long is the form data stored, can it be deleted upon request?
In JotForm you have the option to encrypt your forms. Setting your form to encrypted form will give you a public key that you can use to decrypt the submission data of your encrypted form. You can check this article for more information: What are Encrypted Forms and how to use them as expert.
Do let us know if you need further assistance.
So if social security numbers are a required form field, jotform should not be used despite the provided encryption?
Asking for Social Security Numbers is possible, but we have some guidelines that you should check and follow. I will post it here in a moment.
Please find the below details:
SSN collection is not illegal. According to this site https://www.privacyrights.org/my-social-security-number-how-secure-it#11 in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.
However, some States have imposed restrictions on a business soliciting the SSN.
Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms will mention SSNs are considered as a Phishing activity.
Therefore, when you do request SSN, the chances are that our automated phishing detector will flag the form(s) and suspend the account. If this happens you'll have to contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).
These are some examples of businesses that require a Social Security number for legitimate purposes:
• Insurance companies
• Credit card companies, lenders, and any other company receiving a credit application from you
• The three main credit reporting agencies: TransUnion, Equifax, and Experian
• Any company that sells products or services that require notification to the IRS, including:
- Investment advisors
-Real estate purchases
-Financial transactions over $10,000, such as automobile purchases; and other financial transactions
Moreover, you need to know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue.
Please follow these recommendations in order to help us to whitelist your forms:
1. Embed the form using SSL method (http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions)
2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.
Here are some widgets you can add to the form (signature fields): http://widgets.jotform.com/search/signature
In conclusion: If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list above and if you follow the recommendations; then all this will surely make your forms not be considered as guilty of phishing activities.