Schweizerform vs Google Forms
A detailed comparison of Schweizerform and Google Forms covering encryption, data privacy, hosting location, regulatory compliance, and who each tool is built for.
Google Forms is one of the most widely used form tools in the world — and for good reason. It's free, it's fast, and it's deeply integrated into the Google Workspace ecosystem. For internal polls, event sign-ups, or casual feedback, it works well enough.
But Google Forms was never designed for sensitive data. Every response is stored in plain text on Google's infrastructure, accessible to Google, indexed across their services, and subject to US jurisdiction. For organisations that collect personal, financial, medical, or confidential information, that architecture creates real risk.
Schweizerform takes a fundamentally different approach. Every submission is end-to-end encrypted in the respondent's browser. The server stores only ciphertext. There is no way for Schweizerform — or anyone else — to read your data.
This page walks through the differences that matter when privacy and compliance are on the line.
Side-by-Side Comparison
| Schweizerform | Google Forms | |
|---|---|---|
| Encryption model | End-to-end — data encrypted in the respondent's browser before transmission | TLS in transit, plain text at rest on Google servers |
| Who can read submissions | Only the form owner (with their Access Code) | Google, Google Workspace admins, and anyone with access to the linked spreadsheet |
| Server-side data access | Impossible by design — zero-knowledge architecture | Full access — Google processes data for storage, indexing, and service improvement |
| Data hosting location | Switzerland | Google Cloud — primarily US data centres, with region options for Workspace enterprise tiers |
| File attachment security | Encrypted client-side before upload, filenames randomised on server | Stored unencrypted in Google Drive |
| Regulatory alignment | nFADP, GDPR (Art. 32), HIPAA-compatible | GDPR (under Google's Data Processing Agreement), not inherently HIPAA-compliant for form data |
| Data processing by provider | None — Schweizerform cannot access submission content | Google processes data across services and may use it to improve products (per Google's privacy policy) |
| Account required for respondents | No | Optional — can be required or open |
| Open-source cryptography | Web Crypto API (browser-native, auditable) | Not applicable — no client-side encryption |
| Pricing | Free tier with full encryption; paid plans for higher limits | Free with Google account; advanced features require Google Workspace subscription |
Encryption: The Core Difference
This is the single most important difference between the two platforms, and it affects everything else — compliance posture, breach risk, data sovereignty, and trust.
Google Forms: TLS in transit, plain text at rest
Google Forms encrypts data while it moves between the respondent's browser and Google's servers using TLS (Transport Layer Security). Once the data arrives, Google decrypts it and stores it in plain text within their infrastructure. Google encrypts disks at rest using keys they manage — but this is encryption they control, not encryption that protects data from them.
In practice, this means Google employees with the right access level, any Workspace admin in your organisation's domain, and anyone with access to the linked Google Sheet can see every response in full. In the event of a breach, a subpoena, or a misconfigured sharing setting, all data is exposed as readable text.
Schweizerform: end-to-end encryption with zero knowledge
Schweizerform encrypts data in the respondent's browser using AES-256-GCM with a one-time symmetric key, before it is ever transmitted. That key is wrapped with the form owner's RSA public key, so only the owner's private key — derived from their Access Code — can unwrap it. The server never possesses a decryption key at any point.
A breach of Schweizerform's servers would expose only encrypted ciphertext. A subpoena would yield the same. There is no key for us to hand over, because we never have one.
What "zero-knowledge" means in practice
Schweizerform cannot view, search, filter, or analyse your submissions server-side. We cannot provide support by looking at your data. We cannot comply with a data request that asks for submission content — because we do not have the ability to read it. This is the trade-off of genuine zero-knowledge architecture.
Data Hosting and Jurisdiction
Where your data is physically stored determines which country's laws apply to it. This has direct implications for government access, cross-border data transfers, and regulatory compliance.
Google Forms: US jurisdiction by default
Google Forms data is stored on Google Cloud infrastructure, which by default is located in the United States. Google Workspace enterprise customers can configure data regions, but Google retains the right to process data in other locations for operational purposes. US-stored data is subject to US law, including the CLOUD Act, which allows US authorities to compel disclosure of data stored by US companies — even if the data is stored outside the US.
Schweizerform: Swiss-hosted, Swiss jurisdiction
Schweizerform's infrastructure is hosted in Switzerland. Swiss data protection law (nFADP) is among the strictest in the world, and Switzerland is not subject to EU or US data access agreements. Combined with end-to-end encryption, this means even if Swiss authorities were to request data, only encrypted ciphertext exists on our servers.
The CLOUD Act and US-hosted data
The US CLOUD Act (2018) gives US law enforcement the legal authority to compel US-based technology companies to provide data stored on their servers, regardless of where the data is physically located. For organisations outside the US using Google Forms, this means your respondents' data is reachable by US authorities — even if your organisation and respondents are in Europe or Switzerland.
Privacy and Data Processing
Beyond encryption and hosting, the way each platform handles data internally is fundamentally different.
Google's data processing model
Google Forms is part of the broader Google ecosystem. While Google's Workspace Data Processing Agreement restricts certain uses of customer data, Google's general privacy policy states that data may be used to maintain and improve services, develop new services, and provide personalised experiences. Responses are stored in Google Sheets, which integrates with Google's search, AI, and productivity features. The practical implication is that your form data exists within a large, interconnected system with multiple access points.
Schweizerform's data processing model
Schweizerform processes only encrypted ciphertext. We cannot read, search, analyse, aggregate, or use your submission data for any purpose — because we do not have the keys to decrypt it. There are no integrations that access plain-text data, no AI features that parse your responses, and no analytics built on submission content. The data is opaque to us by design.
Regulatory Compliance
The encryption and hosting model you choose directly affects your compliance posture under data protection regulations.
| Regulation | Schweizerform | Google Forms |
|---|---|---|
| Switzerland nFADP | Swiss hosting, end-to-end encryption, sensitive data classification supported | US-hosted by default, plain-text storage, requires additional contractual safeguards for cross-border transfers |
| EU GDPR | Encryption satisfies Art. 32; encrypted data may reduce breach notification under Art. 34 | Covered under Google's Data Processing Agreement; however, data is accessible to Google and subject to US CLOUD Act |
| US HIPAA | E2EE satisfies Security Rule encryption requirements for ePHI in transit and at rest | Google Forms is not listed as a HIPAA-covered service in Google's BAA; separate BAA required for Workspace, and form data remains unencrypted |
Breach notification safe harbour
Under both GDPR (Art. 34) and HIPAA, properly encrypted data that is compromised in a security incident may qualify for a breach notification safe harbour — meaning affected individuals may not need to be notified if the data was rendered unreadable. With Schweizerform, this applies to every submission by default.
When Google Forms Is the Right Choice
Google Forms is a capable tool for scenarios where data sensitivity is low and convenience is the priority:
- Internal team polls and casual feedback where no personal data is collected
- Event registrations with only names and email addresses
- Non-sensitive surveys where anonymity and confidentiality are not required
- Quick, throwaway forms for internal coordination
- Situations where deep Google Workspace integration (Sheets, Drive, Classroom) is a requirement
Google Forms is well built for these use cases. The issue arises when it is used beyond them — for health data, financial information, legal documents, HR complaints, or anything where a data breach would cause real harm.
When Schweizerform Is the Right Choice
Schweizerform is built for situations where the data being collected is too sensitive to exist in plain text on anyone's server:
- Patient intake, medical questionnaires, and health assessments
- Employee feedback, HR complaints, and whistleblower reports
- Legal client intake and confidential case information
- Financial data, insurance claims, and tax-related forms
- Customer data subject to nFADP, GDPR, or HIPAA
- Any form where respondents expect their answers to remain confidential
- Organisations that need Swiss data hosting for regulatory or client requirements
If someone filling out your form would be uncomfortable knowing that the platform provider can read their answers, that form should be end-to-end encrypted.
How Schweizerform's Encryption Works
For those who want to understand the technical model:
Form creation
Your browser generates a unique AES-256 form key and an RSA-OAEP key pair. The private key is encrypted with your Access Code and stored server-side. The server never sees the private key in plain text.
Respondent submits
The respondent's browser generates a one-time AES-256-GCM symmetric key, encrypts all answers and file attachments, and wraps the symmetric key with your form's public RSA key. All of this happens in the browser.
Server stores ciphertext
Our servers receive only encrypted data. Each payload is bound to its specific form and submission using authenticated additional data (AAD), preventing any cross-submission tampering.
You decrypt locally
Your browser uses your Access Code to derive your master key, unwrap the form's private key, and decrypt submissions. The decryption key never leaves your device.
A Fair Comparison
Google Forms and Schweizerform are built for different problems. Google Forms optimises for speed, collaboration, and integration within the Google ecosystem. Schweizerform optimises for privacy, encryption, and data sovereignty.
If you don't handle sensitive data, Google Forms is likely all you need. But if confidentiality matters — for your respondents, your compliance obligations, or your organisation's reputation — the architectural differences outlined above are not optional nice-to-haves. They are the foundation.
The question is not which tool has more features. It's whether the tool you use can read the data your respondents trust you with.
Schweizerform offers end-to-end encryption on every plan, including the free tier. No Google account required, no credit card needed.