Sensitive Data Restrictions
Sensitive Data Restrictions
Effective Date: February 1, 2026
Last Updated: February 1, 2026
Definition
While Hibu One Smart Site forms can be used to collect information from visitors, certain types of data are considered sensitive and must never be requested. This protects website users — our clients’ customers — from hackers and data breaches.
Related:
Form Restrictions for Medical Related Businesses and
Prohibitive and Restricted Verticals
Policy
- Most Personally Identifiable Information (PII) is considered sensitive and must not be collected through Hibu forms.
- If a client requires collection of sensitive data, recommend a third-party form platform (e.g., FormSite.com, 123formbuilder.com, Fast Fields, JotForms).
- The client is responsible for creating and managing the third-party account.
- The client must provide embed code to Hibu for implementation.
Sensitive Data List
The following types of information are considered sensitive and must never be requested through Hibu forms:
- Any number or information that can be used to access a person’s financial resources
- Biometric identifiers (e.g., fingerprints)
- Birthdate
- Certificate or license numbers
- Checking account numbers
- Citizen visa code
- Citizenship
- Credit card numbers
- Credit rating/history
- Debit card numbers
- Device identification/serial numbers
- Driver's license
- Employer tax ID
- Ethnicity
- Federal Tax ID
- Financial aid/grant information
- Financial worth statements
- Health plan number
- Health records
- Income levels
- Medical record number
- Non-banking related financial information
- Passport numbers
- Passwords
- Payroll timesheets
- Personal identification (PIN) codes
- Savings account numbers
- Social Security number
- State identification card
- Student ID number
- Vehicle identification (e.g., VIN, serial numbers, license plate numbers)
- Veteran and disability status
- Wire transfer information
- Worker’s compensation or disability claims