Advanced Tokenization

Jotform uses nonce-based tokenization so raw payment data is never stored or exposed. Credit card fields are securely handled by the payment gateway’s JavaScript SDK, meaning Jotform never accesses card details. Instead, the gateway generates a one-time encrypted token that is sent directly to the payment processor, reducing risk and ensuring PCI compliance.


Your customer payment data stays safe, and your business stays protected.

Next-Level Payment Security

Built-in tokenization and encryption keep sensitive data away from servers, protecting both you and your customers.


How the nonce flow works for Square, Stripe, and PayPal

  • Square: Card details are entered in Square’s embedded form. Square’s JS SDK generates a one-time, short-lived nonce, which is sent to Jotform. Jotform uses it via Square’s API to complete the payment. Jotform never sees card data.
  • Stripe: Card details are entered via Stripe Elements or Checkout. Stripe’s JS SDK creates a token/payment method, which is sent to Jotform. Jotform uses it with Stripe’s API to charge, create subscriptions, or attach it to a customer. No card data is exposed to Jotform.
  • PayPal:
      • Checkout (wallet/buttons): Users are redirected to PayPal. Jotform only receives a payment ID/token after authorization.
      • Advanced Cards / Braintree: Card data is entered via PayPal/Braintree JS SDK, which generates a nonce/token. Jotform uses this token to complete the charge via PayPal’s API.
    All flows keep raw card data out of Jotform’s servers.
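
The nonce properties the flows above rely on (opaque, one-time, short-lived), together with a backend guard that refuses raw card numbers, shown as an added example that is not Jotform's or any gateway's code. The gateway is simulated in memory, and `createGateway`, `handleSubmission`, `paymentNonce` and the 60-second lifetime are assumptions.

```javascript
// Added illustration; every name here is hypothetical, not a real SDK call.
const NONCE_TTL_MS = 60_000; // assumed lifetime; each gateway sets its own

// Gateway side: keeps the card data and hands out opaque, single-use nonces.
function createGateway(now = Date.now, newId = () => globalThis.crypto.randomUUID()) {
  const vault = new Map(); // nonce -> { card, expiresAt }
  return {
    // Reached only from the gateway's JS SDK in the browser.
    tokenize(card) {
      const nonce = "nonce_" + newId();
      vault.set(nonce, { card, expiresAt: now() + NONCE_TTL_MS });
      return nonce;
    },
    // Reached server-to-server by the form backend, with the nonce only.
    charge(nonce, amountCents) {
      const entry = vault.get(nonce);
      vault.delete(nonce); // consumed on first use, so a replay finds nothing
      if (!entry) return { ok: false, reason: "unknown_or_used_nonce" };
      if (now() > entry.expiresAt) return { ok: false, reason: "expired_nonce" };
      return { ok: true, amountCents, last4: entry.card.number.slice(-4) };
    },
  };
}

// Luhn checksum, used to recognise card-number-shaped values.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1 && (d *= 2) > 9) d -= 9;
    sum += d;
  }
  return sum % 10 === 0;
}

// Form-backend guard: true if any submitted value looks like a raw card number.
function containsPan(submission) {
  return Object.values(submission).some((value) => {
    const digits = String(value).replace(/[\s-]/g, "");
    return /^\d{13,19}$/.test(digits) && luhnValid(digits);
  });
}

// Form backend: accepts a nonce, refuses raw card data, then charges.
function handleSubmission(gateway, submission) {
  if (containsPan(submission)) return { ok: false, reason: "raw_card_data_rejected" };
  if (typeof submission.paymentNonce !== "string") return { ok: false, reason: "missing_nonce" };
  return gateway.charge(submission.paymentNonce, submission.amountCents);
}
```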