What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Is all form data collected encrypted with the provided public key?

    Asked by Saul on October 22, 2015 at 04:16 AM
    Is all form data collected encrypted with the provided public key? How long is the form data stored, can it be deleted upon request? 
    encrypted form
  • Profile Image
    JotForm Support

    Answered by Chriistian on October 22, 2015 at 04:24 AM

    Hi,

     

    In JotForm you have the option to encrypt your forms. Setting your form to encrypted form will give you a public key that you can use to decrypt the submission data of your encrypted form. You can check this article for more information: What are Encrypted Forms and how to use them as expert.

     

    Do let us know if you need further assistance.
    Regards.

  • Profile Image

    Answered by Saul  on October 22, 2015 at 09:39 AM

    So if social security numbers are a required form field, jotform should not be used despite the provided encryption?

  • Profile Image
    JotForm Support

    Answered by Welvin on October 22, 2015 at 11:42 AM

    Asking for Social Security Numbers is possible, but we have some guidelines that you should check and follow. I will post it here in a moment.

    Thanks

  • Profile Image
    JotForm Support

    Answered by Welvin on October 22, 2015 at 11:45 AM

    Please find the below details:

    SSN collection is not illegal. According to this site https://www.privacyrights.org/my-social-security-number-how-secure-it#11 in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.

    However, some States have imposed restrictions on a business soliciting the SSN.

    Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms  will mention SSNs are considered as a Phishing activity. 

    Therefore, when you do request SSN,  the chances are that our automated phishing detector will flag the form(s)  and suspend the account.  If this happens you'll have to contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).

    These are some examples of businesses that require a Social Security number for legitimate purposes:

    • Insurance companies

    • Credit card companies, lenders, and any other company receiving a credit application from you

    • The three main credit reporting agencies: TransUnion, Equifax, and Experian

    • Any company that sells products or services that require notification to the IRS, including:

    - Investment advisors

    - Banks

    -Real estate purchases

    -Financial transactions over $10,000, such as automobile purchases; and other financial transactions

    Moreover, you need to know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue.

    Please follow these recommendations in order to help us to whitelist your forms:

    1. Embed the form using  SSL method (http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions)

    2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.

    Here are some widgets you can add to the form (signature fields): http://widgets.jotform.com/search/signature 

    You can also add this Terms of use widget (for the agreement) http://widgets.jotform.com/widget/scrollable_text 

    In conclusion:  If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list above and if you follow the recommendations; then all this will surely make your forms not be considered as guilty of phishing activities.