Schweizerform vs Email Submissions

Most small teams still collect sensitive data the way they always have: "just email me the form". This page walks through what that actually costs in compliance exposure, breach risk, and operational mess — and how an encrypted form platform replaces it without making clients suffer.

Most small professional-services teams — clinics, law offices, accountants, advisors, recruiters, NGOs, schools — already have a "form" for collecting sensitive information. It just is not on a form platform. It is an email thread. "Please fill out the attached PDF and send it back to me." Or: "Reply with a scan of your ID, last three payslips, and the signed engagement letter." The intake works. The clients send the documents. The job gets done.

What also gets done, quietly, is a slow build-up of sensitive data sitting in inboxes, sent folders, mail servers, mobile devices, backup tapes, and the email accounts of staff who left the firm three years ago. This page is for teams that already know there is a problem with that and want a clear-eyed look at what an encrypted form platform actually changes — operationally, legally, and for the clients on the other end.

Who this comparison is for

Practice owners, partners, ops leads, DPOs, and admin staff who currently collect client documents and forms by email — particularly Swiss and EU teams in regulated fields (healthcare, legal, financial, HR, education, NGO) where the email habit conflicts with explicit obligations under GDPR, nFADP, professional secrecy, or sector-specific rules.

Why Email "Works" — The Honest Case

We will start with what email genuinely does well, because the reason small teams keep using it is not laziness. It is real strengths:

  • Universal — every client has email; nothing to install or sign up for
  • Familiar — no learning curve for staff or clients
  • Asynchronous — works across time zones and around schedules
  • Free at the marginal cost level — already part of what you pay for
  • Audit-friendly in a thin sense — "I have the email, here is the timestamp"
  • Preserves a conversational record alongside the documents

These are real properties. Any replacement that loses too many of them — by being slow, fiddly, or alienating to clients — will fail in practice no matter how superior on paper. The question this comparison answers is whether you can keep what email is good for and lose what makes it dangerous.

What Email Quietly Costs

Sensitive data sent by email does not stay in one place. It proliferates. The same passport scan, salary slip, medical questionnaire, or contract draft ends up in eight or ten places, each with its own access controls, retention rules, and breach surface. None of those rules were written with that document in mind.

  • The client's Sent folder, possibly forever
  • Their email provider's servers and backups
  • Your mail server, plus its backups, plus its disaster-recovery copies
  • Your Inbox; the inboxes of anyone you forwarded it to; the inboxes of anyone they replied to
  • Local copies on every device that synced the mailbox (laptops, phones, tablets, dead employees' machines)
  • Attachments downloaded to a shared drive, a desktop, a screenshot, a printer queue, a colleague's USB key
  • Search indexes — your mail client knows what is in those PDFs
  • Any forwarding rules or auto-archive flows you set up and forgot

The proliferation problem

By the time a client has sent you their tax documents by email, you no longer have one copy of those documents. You have a population of copies, each governed by different settings and accessible to different people. There is no realistic way to honour a deletion request, comply with a retention rule, or prove the data was disposed of correctly. This is not a hypothetical — it is the daily state of most small-firm inboxes.

Where Email Fails Against the Rules

Email is not illegal. It is just badly aligned with how modern data-protection rules expect sensitive data to be handled. The mismatch shows up in specific, recurring places:

  • Data minimisation (GDPR Art. 5, nFADP Art. 6) — a free-form email invites clients to send more than the minimum; a structured form enforces only what you actually need
  • Storage limitation (GDPR Art. 5, nFADP Art. 6) — "delete after X months" is unworkable when the data is in eight places
  • Right to erasure (GDPR Art. 17, nFADP Art. 32) — you cannot delete what you do not have a complete inventory of
  • Integrity and confidentiality (GDPR Art. 5, nFADP Art. 8) — TLS in transit only protects email between cooperating servers; once on disk, the message and its attachments are typically plain text
  • Breach notification (GDPR Art. 33–34, nFADP Art. 24) — a misdirected email with sensitive data is generally a notifiable breach in most jurisdictions
  • HIPAA (US) — email containing PHI requires a Business Associate Agreement with the email provider, transport encryption, and tight access controls; default Gmail/Outlook setups do not satisfy this without specific configuration
  • Professional secrecy (medical, legal, financial in Switzerland) — strong sectoral duties that pre-date data-protection law and are not satisfied by "the email server is in the EU"

The most common breach we hear about

Misdirected email — autocomplete picked the wrong recipient — is one of the leading reported breach causes in published EU and Swiss enforcement statistics. The typical cost is not the regulator's fine; it is the disclosure to the affected person, the loss of trust, and the operational scramble. A form link cannot be misdirected the way a free-form email can.

Side-by-Side: Email Workflow vs Encrypted Form Platform

| Property | Email submissions | Schweizerform |
|---|---|---|
| Where the data lives | Inboxes, sent folders, mail server, backups, devices | One encrypted record per submission, in one Swiss-hosted system |
| Who can read it | Anyone with mailbox access, anyone copied, anyone with backup access | Only holders of the Access Code (you) — vendor cannot read |
| Encryption posture | TLS hop-to-hop only; at rest depends on each mailbox provider | End-to-end / zero-knowledge — encrypted in the respondent's browser |
| Data minimisation | Free-form — clients send what they think you need | Schema-defined — only the fields you ask for |
| Retention enforcement | Manual at best; the data spreads faster than anyone tracks | Single record, single retention setting, one place to delete |
| Audit trail | Email metadata only; downloads invisible | Submission log with timestamps and access events |
| Misdirection risk | High — autocomplete and reply-all are notorious | Low — clients reach a fixed form URL |
| Phishing impersonation | Constant — "please send the documents to this updated address" | Mitigated — there is a single canonical link |
| Right to erasure (GDPR Art. 17 / nFADP Art. 32) | Effectively unfulfillable across all copies | Single deletion removes the record |
| Breach if mailbox is compromised | Yes — every attachment is exposed | No — only ciphertext is exposed; submissions remain unreadable |
| Client experience | Familiar but error-prone (wrong attachment, wrong recipient, wrong format) | Single link, structured fields, in their language (EN / DE / FR / IT) |
| Cost | "Free" — paid in compliance exposure and operational mess | Modest subscription with predictable, contained risk |

What Changes When You Switch

The most common worry from teams considering this switch is "my clients will not adopt it." In practice, the experience for clients usually improves — not degrades — because the form replaces an awkward conversation with a clear request.

  • Clients see a single link in their language, not a vague "send me the documents" email
  • The form tells them exactly what to provide — fields, file types, optional vs required — instead of guessing
  • They do not have to find a scanner, fight an attachment size limit, or remember which version of the form is current
  • You stop receiving partial submissions, wrong files, or 30 MB photos of a passport — the form enforces structure
  • When something is missing, the form asks; nothing arrives via three follow-up emails over four days
  • If they reuse the link to update their answer, you do not end up with two divergent records in two threads

If your clients can sign up for a doctor's appointment online, book a flight, or pay an invoice through a link, they can fill in a Schweizerform link. The reason this switch sometimes fails is not client adoption — it is staff who keep replying "or you can just email it to me" out of habit. That is a process change, not a tooling problem.

When Email Is Genuinely Fine

  • Conversational follow-up about a submission already received through a structured channel
  • Non-sensitive scheduling and logistics ("see you Tuesday at 10")
  • Generic information requests that do not involve identifiable client data
  • Internal summaries that strip out PII before they hit anyone's Inbox
  • Encrypted email (PGP, S/MIME) between technically capable parties who already share keys — rare in practice

Email is a fine medium for talking. It is a poor medium for collecting documents and structured personal data. The split is the same one most modern firms have already made for payments (no longer asked over email) and for signed contracts (a signing platform, not an attached PDF).

When an Encrypted Form Platform Becomes Necessary

  • Healthcare, dental, therapy, and clinical-trial intake — patient data covered by professional secrecy
  • Legal client onboarding — privileged information that cannot live in shared inboxes
  • HR, whistleblower, and safeguarding — confidentiality of the reporter is the product
  • Financial advisory, KYC, accounting, and insurance — AML duties and high-stakes client trust
  • Schools and NGOs collecting parent or beneficiary information
  • Any team that has ever sent or received a misdirected email with sensitive data and would prefer not to do it again

These are not edge cases — they are the bulk of regulated workflows in small and mid-sized practices. The migration is much less painful than most teams expect; the main work is the habit change, not the tool.

Migration — From "Just Email Me" to a Form Link

If your current process is email-based and you want a clean way out, the path is short:

1. List the recurring intake conversations

New patient questionnaire, KYC pack, onboarding checklist, complaint intake, expense claim, document upload — write down the three to ten templates that account for most of your sensitive email traffic.

2. Build them as Schweizerform forms

Each one becomes a single form with structured fields, file uploads where needed, conditional logic for branching, and a clear set of required vs optional answers. The free tier is enough to test one end-to-end before rolling out.

3. Set up the Access Code and recovery key

Two custodians, written procedure, recovery key stored separately from the primary. About 15 minutes for a small team. This is what gives the zero-knowledge property — without it, the encryption story is theoretical.

4. Replace the email request with a form link

Update your standard reply templates, your website forms, your engagement letters, and your auto-responder. "Please send the attached PDF" becomes "Please complete this secure form: <link>."

5. Train staff to never accept the same data by email

This is the actual hard step. The form is easy; the discipline of saying "please use the form" instead of accepting an emailed PDF "just this once" is what determines whether the new channel actually replaces the old one.

6. Set a retention policy and prove it works

Decide how long submissions live, configure that in the form, and document it in your processor register. The first time a regulator or auditor asks, you can show one place, one rule, one log — instead of an inbox-by-inbox investigation.

Common Objections — and Realistic Answers

"Our email is already encrypted (TLS / Microsoft 365 / Gmail)"

Transport encryption (TLS) only protects email while it travels between cooperating servers. Once delivered, the message and its attachments sit in the mailbox in a form the provider can read. Microsoft and Google encrypt mailboxes at rest with their own keys — useful, but they can still read the data, comply with lawful access, and accidentally expose it through a misconfiguration. "Encrypted email" usually means transport encryption, not zero-knowledge.
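The hop-by-hop nature of transport encryption can be checked on any delivered message. The following is an added example, not part of the original page or of Schweizerform: it reads the `Received` trace headers of a constructed sample message, classifies each hop by its RFC 3848 `with` keyword, and shows that the stored body is readable regardless. Hosts, addresses and content are made up, and vendor-specific header formats that do not use the RFC 3848 keywords are not handled.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message: hosts, addresses, IDs and body are made up.
SAMPLE = """\
Received: from mx.firm.example (mx.firm.example [192.0.2.10])
\tby mailstore.firm.example with LMTP id c3;
\tMon, 06 Jan 2025 09:00:05 +0100
Received: from out.provider.example (out.provider.example [198.51.100.7])
\tby mx.firm.example with ESMTPS id b2 (version=TLS1_3);
\tMon, 06 Jan 2025 09:00:04 +0100
Received: from laptop.home.example ([203.0.113.5])
\tby out.provider.example with ESMTPSA id a1;
\tMon, 06 Jan 2025 09:00:02 +0100
From: client@provider.example
To: intake@firm.example
Subject: ID for onboarding
Content-Type: text/plain

Passport no. X0000000 (constructed value)
"""

# RFC 3848: a "with" keyword ending in S or SA (ESMTPS, ESMTPSA) marks a TLS hop.
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def hop_report(raw):
    """Return [(receiving_host, protocol, used_tls)] in delivery order."""
    msg = message_from_string(raw, policy=default)
    hops = []
    for header in reversed(msg.get_all("Received", [])):  # newest header is first
        text = " ".join(str(header).split())  # collapse folded whitespace
        proto, by = WITH_RE.search(text), BY_RE.search(text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name.endswith(("S", "SA"))))
    return hops

def readable_at_rest(raw):
    """The stored body, as anyone holding a copy of the mailbox sees it."""
    return message_from_string(raw, policy=default).get_content().strip()

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:26} {proto:8} {'TLS' if tls else 'no TLS recorded'}")
    print("Stored body:", readable_at_rest(SAMPLE))
```

`Received` headers are written by each relay about itself, so they describe what the servers reported, not a guarantee; the internal LMTP hop in the sample is the kind of step the headers often show without TLS.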

"Our clients are older / less technical — they will not use a form"

Sometimes true at the margin, much less often than expected. The same clients book medical appointments, pay invoices, and use online banking through forms. A clearly written link with a one-line instruction usually outperforms an email that asks them to attach the right PDF in the right format. For the small minority who genuinely cannot use a form, a paper alternative is cheaper than the breach exposure of email-as-default.

"We have always done it this way and never had a problem"

Often this means "we have never had a problem we noticed." Misdirected emails that nobody reports, mailbox compromises that nobody investigated, attachments that ended up on a former employee's personal drive — these rarely produce a phone call. They produce a slow, invisible drift in your data exposure that surfaces during an audit, an incident, or a subject access request.

"Encrypted email (PGP, S/MIME) does the same thing"

In principle, yes. In practice, almost no client population has the keys, the tooling, or the willingness to make it work. PGP and S/MIME have been a credible answer for over twenty years and have not become the default for a reason. An encrypted form platform replaces the user-experience problem with a single link.

"What about secure email portals — isn't that the same thing?"

Secure email portals are an improvement on plain email — but most still store messages and attachments in a form the portal vendor can read. They solve the transport problem and the misdirection problem; they do not generally solve the "vendor cannot read submissions" problem. A zero-knowledge form platform is the layer above.


The Bottom Line

Email is a brilliant tool for conversation and a poor tool for collecting sensitive structured data. It works until it does not — and when it does not, the failure modes (misdirected message, compromised mailbox, undiscoverable copies) are the failure modes regulators care about most. "Just email me the form" is not free; it is paid in compliance risk and operational mess that nobody itemises until something goes wrong.

Schweizerform replaces that workflow with a single encrypted record per submission, hosted in Switzerland, readable only with your Access Code, available in the four languages your clients actually speak. It is not the only encrypted form platform in the world — but it is built around the property that matters most for the email-as-form crowd: the data does not proliferate, and we cannot read it ourselves.

Try Schweizerform on the free plan — Swiss hosting, zero-knowledge encryption, native EN / DE / FR / IT — and replace the next "please email me the documents" request with a single secure link.

Disclaimer: This comparison is general information and marketing content, not legal or compliance advice. Specific obligations under GDPR, nFADP, HIPAA, professional-secrecy rules, and sector-specific regulations depend on jurisdiction and use case; consult qualified counsel before relying on any framing here.