Sensitive Data Help Guide

Guidelines for the Collection of Sensitive Data

While Formstack does allow for the collection of sensitive data through our Forms when the proper security options are selected, many Users are unsure as to what data is considered 'sensitive'. This Help Guide is aimed at helping Users know what data falls into this category so that they can avoid having their Forms flagged by our filters due to them not being properly secured when collecting this data.

While not every piece of information that is considered sensitive is listed here, most information classified as Personally Identifiable Information is sensitive and needs to be protected. If you find that it is necessary for your Form to collect information that falls into either of these categories, check out the article here for more information on making sure your Form is properly secured.


Personally Identifiable Information (PII)

PII is defined as "information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context." Below several common examples of PII that are collected on our Forms that require security measure be in place have been listed.


TIP: You can read up more on the details of PII at the link below:

National Institute of Standards and Technology Guide


Credit Card Information 

Credit card information is the most commonly collected example of sensitive data that requires certain security measures to be put into place. When adding Credit Card Fields to your Form without the proper security, it will appear like this in the Builder:




And like this on the published Form (greyed out):




Once everything has been properly set in Settings > Security, the Builder will show this: 



Bank Account Information

Much like Credit Card information, it is acceptable to collect Bank Account numbers and routing numbers, so long as the security measures needed are in place.



Note: Words such as Account, ID, and Username are likely to always be flagged by our filters for review, even if referring to data that isn't considered sensitive or within a field that isn't collecting that information. So long as Formstack's Terms of Service are not being violated, the Form is likely to be approved in these cases.


Passport/Driver's License/Social Security Numbers

The wording for your labels may vary when collecting this type of information, as seen below, but they all fall under the umbrella of sensitive data.



Usernames & ID Numbers

Formstack does not allow passwords to be collected on our Forms for any purpose. That said, it is acceptable to collect usernames and/or ID numbers, so long as the proper security is set.


Not Acceptable:


Acceptable if proper security is set: 


Was this article helpful?
14 out of 24 found this helpful