Are we allowed to collect SSN with just SSL?

  • jgregoire
    Asked on October 20, 2016 at 5:38 PM

    We are looking to use JotForm for our application. However, we need to collect the data then post it to a page so we can process it and send it to our db. I have been able to do this with it unencrypted over SSL. However, I just read in your terms of use that for SSN, we need to also encrypt the form. Is this correct? If so, how can I decrypt it in my post page code so I can send it to our db?

  • David JotForm Support Manager
    Replied on October 20, 2016 at 10:51 PM

    There are many features that do not work with the encryption feature, and sending POST data is one of them. You may read this guide for more information: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them  

  • jgregoire
    Replied on October 21, 2016 at 10:25 AM

    Do we need to use the encryption if we are using SSL?

  • KadeJM
    Replied on October 21, 2016 at 10:41 AM

    SSL is not the same as Encrypted Forms.

    SSL is basically securing the form URL while accessing the form page it's on, whereas Encrypted Forms is more intended as a way to protect and keep your submission data secured: your data is converted to an encrypted code that only someone with the encryption key could decrypt and view to read it.

    Please see https://www.jotform.com/help/63-How-do-I-receive-SSL-Submissions for a better understanding of SSL which is enabled by default.

  • jgregoire
    Replied on October 21, 2016 at 10:57 AM

    Thanks, I get how SSL works, but what I'm trying to determine is if, per your terms of use, we need to use both SSL and the encrypted forms for SSN.

  • KadeJM
    Replied on October 21, 2016 at 11:11 AM

    No problem and I see you meant you were unsure and just needed clarification about it.

    In short, yes, you will need to use both SSL and form encryption if you wish to collect SSN data.

    I know that doesn't seem as straightforward in our terms, but it is mentioned in there, though I believe I do see some of where your confusion arose from it.

     

    "Collecting Sensitive Information. You may not use the JotForm to collect certain types of sensitive information, including but not limited to credit card information and any type of login credentials. You may collect some sensitive information such as social security numbers or driver’s license numbers, but you are required to use best security practices of JotForm including SSL and Encrypted Forms features. You are solely responsible for compliance with any data protection and privacy laws and rules applicable to the sensitive information."