Got your email regarding the KYC process. I would like to clarify a few points before proceeding.
In your message, you questioned our collection of personally identifiable information (PII), yet you are also requesting that I provide my own PII for your process. To better understand this, could you please confirm:
Under which regulations or compliance frameworks you are required to collect my PII.
Which authority, regulator, or partner entity you are submitting or reporting this information to.
How my PII will be stored, protected, and used once collected.
I trust you understand the importance of transparency when handling sensitive information. Once I have this clarification, I will be in a better position to comply with your request.
Chris_L
JotForm Support
Replied on August 21, 2025 at 2:08 AM
Hi Leo,
Thanks for reaching out to Jotform Support. I’ve reached out to the related team about this. Once they look into things, they'll reply to you here on this thread.
Reach out again if you need any other help.
Bryan
Fraud & Abuse Operations Manager
Replied on August 21, 2025 at 2:13 AM
Hi leo li,
Thanks for using Jotform. We take our user's security and privacy very seriously. Know Your Customer (KYC) or the user verification is a process we developed to help legitimate organizations collect Personally Identifiable Information (PII) while following our terms. Collecting PII without verification is not allowed. KYC is only required once.
Personally Identifiable Information refers to any data that can be used to identify an individual. This includes, but is not limited to:
National ID, passport numbers, or other government-issued identification
Social Security Number (SSN)
Financial information like bank account or bank statements
As your forms include fields that collecting sensitive information, we'll need to verify the organization and the account owner. Anyone who manages the account could fill out the form.
The selfie that's provided will be removed from the form submission after the user verification process is done. You can check out our Terms, Privacy and Security pages for more information about.
Once you fill out the KYC form, we'll review it and let you know about your forms' status.
L
Lola
Replied on August 21, 2025 at 5:26 PM
I have the same questions as OP.
I don’t see answers here, or in the email.
I’ve checked each of the links you suggested. And none of them contain any info on KYC requirements that I could see. KYC isn’t even mentioned.
The questions were:
Under which regulations or compliance frameworks you are required to collect my PII? (No response. The email implies a need for regulatory compliance. By whom?)
Which authority, regulator, or partner entity you are submitting or reporting this information to. (No response)
How my PII will be stored, protected, and used once collected. (No response other than that you’ll delete the selfie. Where is that noted in your official policies? How will my legal name, address, phone number, business info, and reason for collecting PII info be used, shared, and stored?)
In addition, what do you consider to be a “legitimate business need” for asking a client for photo ID?
My legitimate business need to ask a client for photo ID is to ensure they are who they say they are, and that they are not a minor.
Still unclear what your legitimate business need for my information is. Please explain.
Christian Ice
JotForm Support
Replied on August 21, 2025 at 5:38 PM
Hi Lola,
I’ve gone ahead and moved your other question to a separate thread to keep things tidy, and someone from our Support Team will help you out with it here.
Let us know if you need any more help.
Bryan
Fraud & Abuse Operations Manager
Replied on August 22, 2025 at 4:02 AM
Hi leo li,
Under which regulations or compliance frameworks you are required to collect my PII.
We take our user's security and privacy very seriously. According to our terms, "Collecting highly sensitive personal information such as social security numbers, national ID cards or numbers, and the like, without what we deem to be a valid reason for doing so" is a violation and may result in permanent suspension. KYC process is the way of validating the reasons to collect such information.
Which authority, regulator, or partner entity you are submitting or reporting this information to.
We only disclose your information to competent authorities, regulators, or other legally authorized entities if we receive a valid and binding legal request, such as a subpoena, court order, or an equivalent official process. Outside of these exceptional cases, your information remains securely stored with Jotform and is not shared with any third party.
How my PII will be stored, protected, and used once collected.
Your personally identifiable information is encrypted and securely stored once collected. Jotform complies with major international and regional privacy frameworks, including GDPR, CCPA, HIPAA, SOC 2, and others, to ensure your information is handled according to strict regulatory standards.
Let us know if there's anything else we can do for you.
Your Reply
AI Generated Answer
Something Went Wrong
An error occurred while generating the AI response. Please try again!
Chris_L JotForm SupportReplied on August 21, 2025 at 2:08 AM
Bryan Fraud & Abuse Operations ManagerReplied on August 21, 2025 at 2:13 AM
Christian Ice JotForm SupportReplied on August 21, 2025 at 5:38 PM