JotForm security and PII

  • Profile Image
    Patrick Grierson 
    Asked on October 25, 2016 at 12:05 PM

    Hey There!


    I'm looking to potentially use JotForm for one of our clients, but they would like to know more specifics about how JotForm uses the information that is captured.


    How does JotForm use captured information (PII)?. Does this information reside on your servers or is it stateless, if so for how long? Also do you use the emails and other content captured from customers for advertising or other means, or does this information solely reside on the servers until it's removed?


    Appreciate the response!!

  • Profile Image
    Answered on October 25, 2016 at 02:22 PM

    The forms and submissions are transmitted securely with a 256 bit high-grade encryption. You can also log into JotForm site securely and download your submission reports over a secure connection using

    We provide a very high security through out our hosting provider's servers for stored data. We have a very powerful cloud of servers in SSAE16 Audited facilities which provides security protection against malicious attacks like SQL injection and denial of service (DOS) attacks. 

    All our form are by default secure: 

    JotForm data centers are located in the US and Germany. We have 2 data centers in the US (Texas and Virginia) and 1 data center in Germany.

    If you want your form user to know that their data will be sent securely, you can add enable security certificate seal in your form. Here is a guide which you can refer:

    We're also Safe Harbor certified. Please see our Privacy policy here. 

    For additional security, you may also consider using the Form encryption that encrypts the form submissions. These encrypted submissions can only be viewed when the private key is supplied that is generated while enabling the form encryption. You may consider that the form submission is lost if the generated private key is lost. More information on the encrypted forms is available at the following guide:

    We never use form submission data for any type of advertisement. Once you will delete the Submissions, those will be permanently removed from our servers.

    Hope this will help. Let us know if you need further assistance.

    Thank you!