The journal
Essays on form data, encryption, and Swiss sovereignty.
Long-form notes from the team building Schweizerform — on cryptographic architecture, compliance posture, and the operational realities of running a zero-knowledge SaaS.
Why Encryption Matters for Form Data
Your form data is only as safe as the server that holds it. Here's why end-to-end encryption is the only real answer — and what zero-knowledge means in practice.
Read
nFADP Compliance for Online Forms
Switzerland's new Federal Act on Data Protection has been in force since September 2023. Here's what every business running online forms needs to know — in plain language.
Read
Zero-Knowledge Architecture Explained
The phrase 'we cannot see your data' sounds like marketing — until you understand the cryptography behind it. Here's exactly how zero-knowledge works, step by step.
Read
Encryption at Rest vs End-to-End
Most form tools advertise encryption without clarifying what they actually mean. Here's the difference between at-rest and end-to-end — and why it matters to your bottom line.
Read
The Hidden Cost of "Free" Form Tools
If you're not paying for the form tool, your data often is. A clear-eyed look at how "free" platforms actually make money — and what that means for the people filling out your forms.
Read
Swiss Data Sovereignty
The jurisdiction where your form data lives shapes who can demand it, who can read it, and under which laws. Here's why Switzerland is often the right answer.
Read
GDPR vs nFADP: Form-Data Guide for Swiss Businesses
Swiss businesses processing EU resident data face two regimes at once. Here is a field-level comparison focused specifically on what it means for online forms.
Read
Why HTTPS Alone Is Not Enough
HTTPS protects data in transit, not data at rest and not from your form vendor. Here is what that means in practice — and where end-to-end encryption actually matters.
Read
Breach Notification: How Encryption Changes the Equation
The 72-hour clock is brutal. The encryption exception under Art. 34 GDPR — and its functional equivalent under the nFADP — can shrink it. Here is how, in practice.
Read
Subpoenas & Warrants: What Happens to Your Form Data
An order lands on your form vendor's desk. What actually leaves the door — and what the vendor's architecture does to that question.
Read
Form Data Retention — How Long Should You Really Keep Submissions?
Practical retention periods for form submissions — how to set them, document them, and avoid the silent risk of indefinite storage. GDPR, nFADP, and sector-specific guidance.
Read
7 Red Flags Your Form Builder Is Mishandling Your Data
Seven specific warning signs that a form tool is quietly mishandling your data — what to check, why it matters, and how to read between the lines on a security page.
Read
The Complete Guide to Secure File Uploads Through Online Forms
Medical certificates, ID scans, contracts — files are the riskiest part of any form. What makes a file upload genuinely secure, what most tools miss, and where zero-knowledge changes the equation.
Read
Informed Consent in the Digital Age
Consent is not a checkbox. Capacity, voluntariness, information, comprehension — what informed consent actually requires online, where most forms fail, and how to design one that holds up to scrutiny.
Read
HIPAA-Compliant Form Collection
What HIPAA really requires from online forms — Privacy Rule, Security Rule, BAAs, encryption, audit logs — and where most "HIPAA-compliant" form claims start to leak.
Read
Anonymous vs Pseudonymous Forms: When Each One Matters
Most 'anonymous' forms aren't. The distinction between true anonymity and pseudonymity changes what regulators see, what attackers can extract, and which use case the form actually fits.
Read