Foundation
Three pillars of trust.
Every layer of Schweizerform is designed so that your data stays yours.
Zero-Knowledge
All encryption and decryption happen in your browser. We never see plaintext data, and we never have your encryption keys.
Swiss Infrastructure
All data is stored exclusively in Swiss data centres, protected by one of the world's strongest data protection frameworks.
nFADP Compliant
Fully compliant with the Swiss Federal Act on Data Protection, exceeding regulatory requirements through encryption.
The Difference
Plain text is a liability.
When your form provider stores data in plain text, they don't just have access — they have opportunity.
What Others Can Do With Your Data
- ✕ Read and analyse every form response
- ✕ Use data for marketing and ad profiles
- ✕ Share or sell aggregated data to brokers
- ✕ Feed responses into AI training sets
- ✕ Provide employees access to sensitive data
- ✕ Hand plain-text data to foreign agencies
What Schweizerform Can Do
- Store encrypted blobs we cannot decrypt
- Count the number of submissions
- Record timestamps of submissions
That's it. Nothing else is technically possible.
Enforced by architecture, not policy.
How It Works
Four layers of encryption.
A multi-layered architecture designed so your data is protected at every stage.
Access Code → Master Key
Your Access Code derives a master encryption key locally in your browser using PBKDF2 with a unique salt and high iteration count. This key never leaves your device.
Form Key Generation
Each form generates a unique AES key and RSA key pair in your browser. The AES key is encrypted with your master key. Only the RSA public key is stored in plain form.
Submission Encryption
Respondents' browsers generate a random AES key, encrypt the response with AES-256-GCM (with additional authenticated data), and wrap the key using your form's RSA public key.
Decryption in Your Browser
Your Access Code derives the master key → unwraps the form key → unwraps the RSA private key → unwraps the submission key → decrypts the response. The entire chain happens locally.
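The four-step chain above, sketched with the browser's Web Crypto API as an added example (not Schweizerform's own code). The PBKDF2 iteration count and hash, RSA-OAEP with a 2048-bit modulus, the key-wrapping formats, the AAD encoding and all function names are assumptions; the page does not specify them.

```javascript
// Added illustration; values marked "assumed" are not specified on the page.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = wc.subtle, enc = new TextEncoder();
const GCM = { name: "AES-GCM", length: 256 };
const OAEP = { name: "RSA-OAEP", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" }; // assumed
const gcm = (iv, ad) => (ad ? { name: "AES-GCM", iv, additionalData: ad } : { name: "AES-GCM", iv });
const newIv = () => wc.getRandomValues(new Uint8Array(12));
const aad = (formId, subId) => enc.encode(`${formId}:${subId}`); // assumed AAD encoding
// Layer 1: Access Code -> master key (PBKDF2; iteration count and hash assumed).
async function deriveMasterKey(accessCode, salt) {
  const base = await subtle.importKey("raw", enc.encode(accessCode), "PBKDF2", false, ["deriveKey"]);
  const params = { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" };
  return subtle.deriveKey(params, base, GCM, false, ["wrapKey", "unwrapKey"]);
}
// Layer 2: form AES key wrapped by the master key, RSA private key wrapped by the form key.
async function createForm(masterKey) {
  const formKey = await subtle.generateKey(GCM, true, ["wrapKey", "unwrapKey"]);
  const rsa = await subtle.generateKey(OAEP, true, ["wrapKey", "unwrapKey"]);
  const ivF = newIv(), ivP = newIv();
  const wrappedFormKey = await subtle.wrapKey("raw", formKey, masterKey, gcm(ivF));
  const wrappedPrivateKey = await subtle.wrapKey("pkcs8", rsa.privateKey, formKey, gcm(ivP));
  return { publicKey: rsa.publicKey, ivF, ivP, wrappedFormKey, wrappedPrivateKey };
}
// Layer 3 (respondent): fresh AES key, AES-256-GCM with AAD, key wrapped to the form's public key.
async function encryptSubmission(publicKey, formId, subId, text) {
  const key = await subtle.generateKey(GCM, true, ["encrypt"]);
  const ivS = newIv();
  const ciphertext = await subtle.encrypt(gcm(ivS, aad(formId, subId)), key, enc.encode(text));
  const wrappedKey = await subtle.wrapKey("raw", key, publicKey, { name: "RSA-OAEP" });
  return { ivS, ciphertext, wrappedKey };
}
// Layer 4 (owner): Access Code -> master key -> form key -> RSA private key -> submission key.
async function decryptSubmission(accessCode, salt, form, sub, formId, subId) {
  const master = await deriveMasterKey(accessCode, salt);
  const formKey = await subtle.unwrapKey("raw", form.wrappedFormKey, master, gcm(form.ivF), GCM, false, ["unwrapKey"]);
  const priv = await subtle.unwrapKey("pkcs8", form.wrappedPrivateKey, formKey, gcm(form.ivP),
    { name: "RSA-OAEP", hash: "SHA-256" }, false, ["unwrapKey"]);
  const key = await subtle.unwrapKey("raw", sub.wrappedKey, priv, { name: "RSA-OAEP" }, GCM, false, ["decrypt"]);
  const plain = await subtle.decrypt(gcm(sub.ivS, aad(formId, subId)), key, sub.ciphertext);
  return new TextDecoder().decode(plain);
}
// Constructed sample values: round trip, then a wrong submission ID and a wrong Access Code.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16)), code = "sample-access-code";
  const form = await createForm(await deriveMasterKey(code, salt));
  const sub = await encryptSubmission(form.publicKey, "form-1", "sub-1", "hello");
  const attempt = (c, id) => decryptSubmission(c, salt, form, sub, "form-1", id).catch(() => null);
  return [await attempt(code, "sub-1"), await attempt(code, "sub-2"), await attempt("wrong-code", "sub-1")];
}
```

`demo()` resolves to the decrypted text for the correct inputs and `null` for the other two attempts, because GCM authentication fails when the AAD or any key in the chain differs.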
Beyond Encryption
Security at every layer.
End-to-end encryption is our foundation, but protection extends to every aspect of the platform.
Session Security
Server-validated session tokens with automatic expiry after 30 minutes of inactivity.
CSRF Protection
Cross-site request forgery tokens validated on all state-changing operations.
Rate Limiting
5 failed Access Code attempts trigger a 15-minute lockout. API endpoints are server-side rate limited.
Secure Storage
Optional Access Code persistence uses AES-GCM with a non-extractable CryptoKey in IndexedDB.
AAD Binding
Each submission includes Additional Authenticated Data (AAD) bound to the form and submission IDs.
File Protection
Files encrypted client-side. Original names replaced with randomised identifiers on our servers.
Transparency
Full visibility into our visibility.
What data we can access and what remains invisible to us — completely transparent.
FAQ
Security Questions
Common questions about our encryption and data protection.