
Jotform ensures top-notch security with 256-bit SSL, encrypted forms, and compliance with PCI DSS, GDPR, CCPA, and HIPAA. It offers advanced spam protection, two-factor authentication, and secure data storage on EU servers.
Vendor: Jotform
Company Website: Jotform Secure Online Forms
At Jotform, our reputation rests on our ability to provide all of our users with the highest form security.
Why is Jotform Secure?
Ensuring the privacy and security of your data is a top priority for us. You can rest easy knowing that we take every precaution to provide an online form service with high-grade security.
256-Bit SSL
Regardless of your plan, all your forms are served over a protected 256-bit SSL (Secure Sockets Layer) connection that uses a SHA-256 certificate. This is industry-standard protection.
Encrypted Forms
Easily encrypt your forms to ensure that submission data is transferred and stored in a secure format so no one else can read it. Submissions are encrypted with high-grade RSA-2048 on the user’s computer, then transferred and stored securely on our servers.
PCI Certification
Jotform is PCI DSS Service Provider Level 1 compliant, the highest security attainment you can have as a business that collects payments from and integrates with credit cards.
GDPR Compliance
Jotform is compliant with the European Union’s General Data Protection Regulation (GDPR), which governs businesses that collect personally identifiable information from or on EU citizens.
CCPA Compliance
Jotform is compliant with the California Consumer Privacy Act (CCPA), which, among other things, prohibits the selling of personal information of California residents without their consent.
HIPAA-Friendly Forms
With Jotform’s HIPAA features, healthcare providers can collect patient information through forms that enable HIPAA compliance. A Business Associate Agreement (BAA) is also available upon request.
StateRAMP
Jotform Government has been built and is managed according to security controls common to both FedRAMP and StateRAMP, as documented in NIST Special Publication 800-53 Revision 5. Jotform is currently in the StateRAMP Security Snapshot Program.
SOC 2 Compliance
Jotform is committed to upholding all five SOC 2 Trust Service Principles: security, confidentiality, availability, privacy, and processing integrity. We offer a SOC 2 compliance solution to our Enterprise customers.
FERPA Compliance
We work with educational organizations to provide transparency about the handling and processing of students’ personal information in our forms, apps, and other products, to ensure compliance with FERPA.
General Legal Compliance
At Jotform, we take seriously our compliance with all laws applicable to our business and our platform, including laws that protect individuals' privacy and data, and we have many measures, practices, and policies in place to ensure that compliance. See the compliance and privacy links on this web page for more information.
Spam Protection
In addition to the CAPTCHAs that you can use in your forms, we have several other options to protect your forms from spammers. For example, you can choose to allow only one submission per IP or computer, or you can disable your form after a specific time or number of submissions.
Form Privacy
In your form privacy settings, you can limit access to your data depending on the level of privacy that you choose. You can also disable cloning of your forms or require a login to access a submission (by default, submissions are protected via unique URLs).
HECVAT
Jotform has used the Higher Education Community Vendor Assessment Toolkit, also known as HECVAT, to assess our Enterprise product and ensure the security and safety of our higher education partners.