Privacy Policy

This privacy policy explains how Jotform handles your personal information and data, and applies to all of the products, services and websites offered by Jotform Inc., Jotform LTD and their affiliates (collectively, “Jotform”), except where otherwise noted. Jotform products, services and websites are collectively referred to as the “services” in this policy. Unless otherwise noted, all services are provided by Jotform Inc., which is based in the United States.

In this policy, “you” refers to those who use and/or interact with any or all of our products, services, and websites, and “we”, “us”, and “our” refer to JotForm. “Customer”(s) refers specifically to those who use Jotform services. “Form Responders” refers to those who fill in and/or submit forms used by our Customers.

INFORMATION WE COLLECT

From Our Customers

  • Registration information. When you register for an account with us so you can create and/or use forms, we collect your username, password and email address.
  • Billing information. If you make a payment to Jotform Inc., we require that you provide your billing details, including name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder. Our integrations with third party payment gateways are for processing only. We don’t store or log any sensitive cardholder data provided by you or your form users. We follow industry-standard best practices to protect the security of cardholder data during processing and transmission. Jotform Inc. is certified as a PCI DSS Level 1 Compliant Service Provider, and we perform annual audits to ensure that our handling of your credit card information aligns with industry guidelines. Read more here.
  • Account settings. Our customers can set various preferences and personal details on pages, such as your account settings page. For example, your default language, timezone and communication preferences (e.g. opting in or out of receiving marketing emails from us).
  • Form data. We store our customers’ form data (questions and responses), in some cases using third party server providers such as Amazon Web Services and Google Cloud.
  • Data you use to create forms is owned by you. Jotform Inc. treats your forms as  private, unless you make them available to members of the public. We don’t sell or make forms you’ve created available to anyone, nor do we use the form responses you collect, for purposes unrelated to you or our services, except in a limited set of circumstances (e.g. Jotform Inc. is compelled by a subpoena or court order, or if you’ve given us permission to do so).
  • Jotform safeguards responders’ email addresses. To make it easier for you to invite people to complete your forms via email, you may upload lists of email addresses, in which case we act as a mere custodian of that data. We don’t sell these email addresses or make them available to others except as directed by you and in accordance with this policy. The same is true for any email addresses collected through your forms.
  • Jotform Inc. holds your data securely. Read our Security Statement for more information.
  • Form data is stored on servers located in the United States. More information is available if you are located in Europe. Jotform Inc. will process your form data on your behalf and under your instructions and pursuant to this privacy policy.

From Visitors to Our Websites

  • Usage data. We collect usage data when you interact with our services. This may include which web pages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps.
  • Device data. We collect data from the device and application you use to access our services, such as your IP address, operating system version, device type, system and performance information, and browser type. We may also infer your geographic location based on your IP address.
  • Referral data. If you arrive at a Jotform website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
  • Information from third parties. We may collect your personal information or data from third parties, if you have given permission to those third parties to share your information.
  • Information from page tags. We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics. Emails sent by Jotform or by users through our services may include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We do this to allow the email sender to measure the performance of their email messaging and to learn how to improve email deliverability and open rates.
  • See our Cookie Policy for more info

From Form Responders

When you fill in or complete a form used by one of our Customers, we collect information relating to you and your use of our services:

  • Form responses. We collect and store the form responses that you submit, in some cases using third party server providers like Amazon Web Services or Google Cloud, on behalf of our Customers. The form creator (Customer) is responsible for this data, and they manage it. A form may ask you to provide personal information or data. If you have any questions about a form which a Customer has sent to you or given you access to fill in, or about the data to be provided in the form, please contact the form creator directly, since Jotform is not responsible for the content of that form. The form creator may have their own privacy policy.
  • Are your form responses anonymous?
    You will need to ask the form creator as it depends on how the individual, company or organization has chosen to configure the form(s). We provide information to form creators on how they can collect responses anonymously. However, even if a form creator has followed those steps, specific questions in the form may still ask you for your personal information or data that could be used to identify you.

HOW WE USE AND DISCLOSE YOUR INFORMATION

Customers

We treat unique form questions and responses as information that is private, unless a party other than Jotform has made that information public. We don’t use form data other than as described in this privacy policy without our Customers’ consent. We don’t sell Customers’ form data, nor do we make it available to third parties without the Customer’s permission.

We use information gathered from and provided by our Customers to do the following for our Customers:

Provide services and technical support, assist them with form design and creation, provide technical troubleshooting, manage our relationship with them, and to gather information on how they use our services.

Certain features of our services use the content of form questions and responses and Customer account information in additional ways. Feature descriptions will identify where this is the case. Customers can avoid the use of form data in this way by simply choosing not to use such features. For example, by using our form templates feature, to add questions to forms, you also permit us to aggregate the responses you receive to those questions with responses received by other form templates users who have used the same questions. We may then report statistics about the aggregated (and de-identified) data sent to you and other form creators.

If you choose to link your Jotform account with a third party account, such as your Google or Facebook account, Jotform may use the information you allow us to collect from those third parties to provide you with additional features, services, and personalized content.

In order to provide you with useful options to use the services together with social media and other applications, we may give you the option to export information to, and collect information from, third party applications and websites, including platforms such as Google and Twitter and social networking sites such as Facebook. When exporting and collecting such information, you may be disclosing your information to the individuals or organizations responsible for operating and maintaining such third party applications and sites, and your information may be accessible by others visiting or using those applications or sites. We do not own or operate third party applications or websites that you connect with – you should review the privacy policies and statements of such websites to ensure you are comfortable with the ways in which they use the information you share with them.

To manage our services. We use your information, including certain form data, for the following limited purposes:

  • To monitor, maintain, and improve our services and features. We internally perform statistical and other analysis on information we collect, including usage data, device data, referral data, question and response data and information from page tags, to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate and design new features. We may use your information internally in order to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement, marketing, research and development purposes.
  • To enforce our Terms of Use.
  • To prevent potentially illegal activities.
  • To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for activities such as, phishing, spam, and fraud.

To create new services, features or content. We may use your form data and form metadata (that is, data about the characteristics of a form) for our internal purposes to create and provide new services, features or content. Regarding form metadata, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a form, and publish interesting observations about these for informational or marketing purposes. When we do this, neither individual form creators nor form responders will be identified or identifiable unless we have obtained their permission.

To facilitate account creation and the logon process. If you choose to link your Jotform  account to a third party account, such as your Google or Facebook account, we use the information you allowed us to collect from those third parties to facilitate the account creation and login process.

To contact you about your service or account. We will occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You are prevented from opting out of this type of communication since it is required to provide our services to you.

To contact you for marketing purposes. We will send you promotional emails only if you have consented to us contacting you for this purpose. You may opt out of these communications at any time by clicking on the “unsubscribe” link in them, or changing the relevant setting on your My Account page.

To respond to legal requests and prevent harm. If we receive a subpoena or other legal request for information, we may need to inspect the data held to determine the appropriate response.

Form responders

Personal information a form responder includes in a form belongs to the responder, unless the responder has given rights in that information to the Customer who provided them with the form. Check with the Customer if you have questions about that. Form submission data is managed by the form creator (the Customer). Jotform treats that information as private unless the responder and/or Customer has made it publicly available. Please contact the form creator directly to understand how they use your form responses. Some form creators may provide you with a privacy policy or notice at the time you complete its form, and we encourage you to review that to understand how the form creator will handle your responses.

We do not sell personal information gathered from form responses. We won’t make available form responses to third parties without permission, and we won’t use any contact details collected in our customers’ forms to contact form responders.

See the section above for information on how we use data provided by our Customers or to which our Customers have given us access.

Website visitors

See the section above regarding information related to visitors to our websites. We use that information, including but not limited to cookies, customer data, usage data, device data, referral data and information from page tags, to manage and improve our services, to serve and support our Customers, for research purposes, and for the other various purposes described in this privacy policy.

No Sale or Leasing of Your Information

We will not sell or lease your personal information to any third party. We may disclose aggregate demographic and statistical information with our business partners, but this information is not specific to the identification of you as an individual.

Generally

We may disclose information with third parties, for limited purposes, as follows:

  • Your information to our service providers. We use service providers who help us to provide you with our services. We give some personnel of these providers access to your information, but only to the extent necessary for them to perform their services for us. Our contracts with our service providers require them to maintain technical protections to ensure the confidentiality of your personal information and data, to use it only for the provision of their services to us, and to handle it in accordance with this privacy policy. Examples of service providers include payment processors, hosting services, email service providers, and web traffic analytics tools.
  • Your account details to your billing contact. If your account holder details are different from the billing contact listed for your account, we may disclose your identity and account details to the billing contact upon their request. We typically will attempt to notify you of such requests. By using our services and agreeing to this privacy policy, you consent to this disclosure.
  • Your email address to your organization. If the email address under which you’ve registered your account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses our services, and to assist the organization with its enterprise accounts.
  • Aggregated or de-identified (anonymized) information to third parties to improve or promote our services. We do this so that no individuals can reasonably be identified or linked to any part of the information we share with third parties to improve or promote our services.
  • The presence of a cookie to advertise our services. We may ask advertising networks and exchanges to display ads promoting our services on other websites. We  may ask such parties to deliver those ads based on the presence of a cookie that was placed when you visited one of our websites, but in doing so we will not share any other personal information with the advertiser. Our advertising network partners may also use cookies and page tags or web beacons to collect certain non-personal information about your activities on this and other websites to provide you with targeted advertising based upon your interests.
  • Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
  • Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization, including a merger, acquisition or consolidation or any other action or transfer between Jotform entities, you expressly consent to Jotform Inc. transferring your information to the new owner or successor entity so that we can continue providing our services.
  • Information you expressly consent to be shared. For example, Jotform Inc. may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. If you give your permission, you may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.
  • If you’re a Customer, you are able to control who can take your form by changing your collector settings. For example, forms can be made completely public, and indexable by search engines. You can also choose to share your form responses instantly or at a public location.

Please note that, if you’re a form responder or Customer who has entrusted us with safeguarding the privacy of your personal information, we will not disclose or share it with third parties unless we have (a) given you notice, such as in this privacy policy, (b) obtained your express consent, such as through an opt-in checkbox, or (c) de-identified or aggregated the information so that individuals or other entities cannot reasonably be identified by it. Where required by law to disclose your information, we will notify you of this before disclosing it.

By using our services or visiting our websites, you consent to the above-described disclosures.

In some cases, the applications or user interfaces you encounter while on our sites are managed by third parties, who may require that you provide your personal information. We are not responsible for the privacy practices of these third party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use.

HOW LONG WE RETAIN YOUR INFORMATION

We generally retain your information for as long as you have an account with us, or as long as necessary to otherwise to provide services to you, to comply with our legal obligations, resolve disputes, or comply with and enforce our agreements. Data that is deleted from our servers may remain as residual copies on offsite backup media for up to approximately one month afterward.

REQUESTS TO DELETE, AMEND OR WITHDRAW CONSENT – NON-EEA OR UK RESIDENTS

You may be entitled to request that we delete or amend your personal information. You may also be entitled to withdraw your consent, when consent is the basis for processing your personal information. We apply the same procedures, limitations and exceptions established for European Economic Area (EEA) and UK residents in this privacy policy to all who make such requests to delete or amend personal information, or withdraw consent for processing personal information, regardless of geographic location. Please read the “Your Rights” paragraph under the “ADDITIONAL TERMS FOR EUROPEAN ECONOMIC AREA AND UK RESIDENTS” below for details. If you are a resident of the EEA or UK, see below for more specific details on how that applies to you.

ADDITIONAL TERMS FOR EUROPEAN ECONOMIC AREA AND UK RESIDENTS

If you reside within the European Economic Area or United Kingdom, the following additional terms apply.

Legal Basis for Use of Your Information

Personal information that we collect is processed under the following legal basis:

Our legitimate interests. This includes:

  • to enable us to provide our products and services and website use and access to you
  • for analytics, to gather metrics to better understand how users use the our websites, and to evaluate and improve our websites
  • to prevent fraud and other illegal activity
  • the legitimate interests of others (for example, to ensure the security of our website)
  • to comply with legal obligations, as part of our general business operations, and for other internal business administration purposes
  • if we collect demographic information from you (such as gender and ethnic origin) in order to carry out diversity monitoring and such information is not collected in an anonymous format, then we rely on our legitimate interest to do so.

Contractual obligations. For the performance of contractual obligations between you and Jotform, including the Jotform Terms of Use and/or in our separate written contract with you.

Consent. Where required by law, we may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described in this privacy policy).

Your Rights

Deletion of Personal Information

You may be entitled to request that we delete your personal information in certain specific circumstances. If you wish to exercise this right, please submit your request using this form. We will consider all such requests and provide our response within a reasonable period (but no longer than one calendar month from our receipt of your request unless we tell you that we are entitled to a longer period under applicable law). We may require you to verify your identity before we respond to your request. Certain personal information may be exempt from such requests in certain circumstances, including as provided for in this privacy policy.

Access, Update, Data Portability and Other Rights

You may also be entitled to access your information, update your personal information which is out of date or incorrect, restrict use of your personal information in certain specific circumstances, place a data portability request (applicable only when we use your personal information on the basis of your consent or performance of a contract, and where our use of your information is carried out by automated means), and ask us to consider any valid objections which you have to our use of your personal information where we process it on the basis of our or another person’s legitimate interest. Requests should be directed via this form.

We will consider all such requests and provide our response within a reasonable period (but no longer than one calendar month from our receipt of your request unless we tell you we are entitled to a longer period under applicable law). We may require you to verify your identity before we respond to any of your requests. Certain personal information may be exempt from such requests in certain circumstances, including as provided for in this privacy policy.

Children’s Privacy

Use of our websites is intended for adults at least eighteen (18) years of age. We do not knowingly collect personally-identifying information from children under the age of thirteen (13).

Complaints

You also have the right to lodge a complaint before a supervisory data protection authority regarding our data processing. If you are in Europe, an up to date list of data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en. If you are in the UK, the data protection authority is the UK Information Commissioner’s Office available at https://ico.org.uk/.

PRIVACY SHIELD

Jotform complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  (Your organization name) has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, Jotform commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Jotform via this form.

Jotform has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. You may also submit a claim for binding arbitration against Jotform with JAMS (see the above website) in the event that your concerns are not satisfactorily resolved.

Jotform commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Jotform is subject to the investigatory and enforcement powers of the FTC (U.S. Federal Trade Commission).

HOW TO CONTACT US REGARDING YOUR PERSONAL INFORMATION

If you have any questions about this privacy policy, you may contact us using this form.

Representation for data subjects in the EU

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/11830216921


Last Update: June 10, 2021