My Form is Violating the Terms of Service

If you were warned for a general violation of our terms of service, a data encryption warning, or a similar warning, we want to let you know how to fix this. These warnings are most often due to the collection of sensitive data on your form without the proper security measures in place.

What is sensitive data?

While not every piece of information that is considered sensitive is listed here, most information classified as Personally Identifiable Information is sensitive and needs to be protected.


Some of the most common sensitive data is listed below. Follow our Sensitive Data Help Guide if you would like to read more about what is sensitive data.

• Credit or debit card numbers

• Bank account information

• Social security numbers (including only the last four digits)

• Passport numbers

• Foreign visa numbers

• Drivers license numbers

• Tax information & identification numbers

• Policy numbers

• Usernames

• File uploads that are, or could be collecting any sensitive information are also considered sensitive

• Passwords: We do not allow for the collection of passwords for any purpose. Forms collecting password data are automatically deactivated by the system; your Account will remain active, however, said Forms will not be accessible.


I'm collecting sensitive data. How can I follow your terms of service?

If you're collecting sensitive data, you are required to use SSL and Data Encryption on your form. These are both required in order to store this data in your account. But you also cannot pass the sensitive data your collecting via Notification or Confirmation emails without the proper email settings.


You have three options:

1) Enable the PGP email encryption via the instructions in our PGP Support Doc

2) Choose to send a link to the submitted data instead of sending the data over email (see below)

3) Use a Custom Message, but be selective on which information goes out in your emails so that it doesn't include the sensitive information on your form (see below)


If you're collecting files that contain sensitive data, you will need to not attach or include those files along with your Notification & Confirmation emails since file uploads are not encrypted through Formstack. We also suggest using one of our file storage integrations if collecting sensitive data in your file uploads.


The easiest and most convenient option is to set your notification email contents to a "Link to Submitted Data."


You can also make your email a custom message and avoid sending those fields containing sensitive data and sensitive data files. A custom message is the only way to avoid sending all submitted data on Confirmation Emails.



Forms flagged for phishing will be moved to the Inactive Folder on your Account.  You may reactivate these Forms by making the required changes to the Form or enabling the proper security.  Next, go into the Forms Menu > Archived Forms > place a checkmark next to the Form(s) in question and choose to Restore these on the Account.


Note: Forms reactivated without the proper changes or with enabling the proper security will be re-flagged and added back to the automated security filter.  Please ensure the proper changes are made to the Form prior to Restoring the Forms.


Was this article helpful?
8 out of 20 found this helpful