Where does the information go when a form is submitted? Need to know for PCI compliance.

We currently have the free starter account and did not know that you only have 10 submissions allowed when credit card information is entered. We may upgrade to the Bronze package. I have a few questions I would liked answered before we make the final decision. 

We have set up  a reservation request form where the customer does enter credit card information. Two e-mails are sent out. One to the customer without any credit card information for their records. The second is sent to us a reservations@blackbearcamping.com. We log onto our server and get the information by secure e-mail.  Recently we did an upgrade to our website, server, SSL certificates and client e-mail software on all of our computers. I wish to make sure that the customer information remains secure.

 When a customer submits a reservation, we are sent an e-mail with their information.

1. Where else does the information go?

2. Does it go to Jot Form?

3. IF yes, how long does Jot Form keep the information before it is deleted? 

4. Can the information automatically be deleted when the request is sent to us?

5. Who has access to this information?

6. It looks like the paid service packages you offer have "SSL Secure Submissions." Is this correct?

Would you please send your response to both of these e-mail addresses?

bbcamping@aol.com

reservations@blackbearcamping.com 

Valerie

Black Bear Campground

Thank you for contacting us and your consideration in upgrading your plan.

All submission data on our server are secure. We have a very powerful cloud of servers in SSAE16 Audited facilities which provides security protection against malicious attacks like SQL injection and denial of service (DOS) attacks.

If you use SSL/secure form URL to accept submission, the data transferred from your browser to our server will also be secure. We support high-grade 256-bit encryption.

1. Where else does the information go?

2. Does it go to Jot Form?

All information submitted by default goes through our servers. You may also integrate the form with Dropbox, google drive and the information will me automatically get copied there as well

3. IF yes, how long does Jot Form keep the information before it is deleted? 

No information is delete. Some will require to delete the submission manually from the submission page. In the bottom you will notice a grid. In the top right, you will be able to delete all the submission in batch

4. Can the information automatically be deleted when the request is sent to us?

Yes, you can use our auto-delete app. Once the data has been processed and all notification have been send, the information will by permanently be removed from our servers

5. Who has access to this information?

No one except you should have access to the information. You may create sub-users to share forms and data. They can also have permission to view and edit the data.

6. It looks like the paid service packages you offer have "SSL Secure Submissions." Is this correct?

Yes, by default all ours forms use SSL. You can use the secure / SSL form URL or embed script. 

Here is a guide on how to receive SSL submissions:http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions

If you want your form user to know that their data will be sent securely, you can add enable security certificate seal in your form. Here is a guide which you can refer:  http://www.jotform.com/help/131-Enabling-Security-Certificate-Seal-on-Secure-Forms

Update: JotForm is now PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team.