Legal & Law Firm Intake Forms
Client intake, conflict checks, privileged document submissions — built for law firms that cannot afford to hand confidential data to a form provider who can read it. Zero-knowledge encryption, Swiss hosting, privilege-preserving by design.
Legal practice runs on confidentiality. Attorney-client privilege, professional secrecy rules (Art. 321 of the Swiss Penal Code, the equivalent in most civil-law jurisdictions), and bar-association ethics all converge on one principle: the content of a client matter does not leave your control. Yet most law firms collect that exact content through online forms, using tools that can read every word their clients submit.
Schweizerform was built on the opposite premise. Every submission is encrypted in the client's browser before it reaches our servers. We physically cannot read intake forms, document uploads, or responses to conflict questionnaires. For Swiss and European law firms, that property — combined with Swiss hosting and nFADP-aligned architecture — turns online intake from a weak point into a strength.
Who this page is for
Partners, managing partners, IT leads, and operations staff at law firms that handle confidential client data — corporate, litigation, family, criminal, immigration, compliance, or regulatory practice. The pitch is the same: confidentiality is the product, and the tool that collects client information must honour it.
Why Most Form Tools Fail Legal Practice
Most online form tools — Google Forms, Typeform, JotForm, Cognito Forms in its default mode — operate on a conventional SaaS model: the client's browser sends plain-text data over HTTPS, and the provider's server stores it. That server can read everything. So can the provider's staff, their integration partners, anyone who compromises their infrastructure, and any authority that serves a lawful order on the provider.
For most forms — event RSVPs, marketing surveys, simple feedback — that model is fine. For a law firm collecting client intake, it creates a specific and avoidable problem: the content of a potentially privileged communication is sitting in plain text on a third-party server.
- A new client describes a regulatory breach or a family dispute in an intake form; the provider's database contains a readable account before you've even opened the case
- A conflict-of-interest questionnaire names third parties involved in a deal; those names are exposed in the provider's systems
- A document-upload field accepts a draft employment agreement or a board minutes excerpt; the file lives on the provider's disk, scanned by their antivirus and indexed by their analytics
- A subpoena or data request targets the provider; the request reaches your client's information without the client ever being notified
The Art. 321 / professional-secrecy angle
In Switzerland, Art. 321 of the Penal Code makes breach of professional secrecy by lawyers a criminal offence. Using a form tool that can read client information, and whose staff and sub-processors can access it, creates an analytical question you do not want to have to defend: have you preserved secrecy when a readable copy exists on a third-party server? Zero-knowledge tooling removes the question.
What Changes With Zero-Knowledge Intake
The technical shift is simple. Data is encrypted in the client's browser before transmission. The server stores ciphertext. Only the form owner — the firm, using its Access Code — can decrypt the submission. The provider is reduced from a custodian of your client data to a courier of ciphertext.
Client fills in the intake form
The client opens a secure link, types their information, uploads any documents. Everything is encrypted in their browser before transmission — names, facts, file contents.
Transmission and storage
The encrypted payload travels over HTTPS to Swiss data centres. The server stores ciphertext only — there is no plain-text copy of the intake anywhere on our infrastructure.
Firm retrieves the submission
The responsible lawyer opens the submission in their browser. Using the firm's Access Code, the data decrypts on the device. Reading, reviewing, and case-file creation happen firm-side.
File retention or deletion
Submissions can be archived, exported to the case-management system, or deleted. Because we hold no keys, deletion is cryptographically final — there is no server-side copy of readable data to recover.
Where Legal Teams Use Schweizerform
New-client intake
The most common use. A prospective client completes an intake form capturing identification details, the nature of their legal question, key parties, deadlines, and supporting documents. Because the submission is encrypted client-side, the case facts reach only the attorney assigned to review them.
Conflict-of-interest checks
Conflict questionnaires often list corporate structures, opposing parties, and related counterparties — exactly the kind of information that, if leaked, signals a live engagement. A zero-knowledge form allows compliance and intake teams to run checks without a readable list of names and deals sitting on a third-party server.
Sensitive document submission
Clients often need to upload agreements, board minutes, medical records, financial statements, or evidence. Schweizerform's file uploads are encrypted client-side; filenames are randomised server-side; the provider never has access to either the content or the original name. The file goes from the client's browser to the attorney's browser, with the server acting only as encrypted storage.
Whistleblower and integrity-hotline forms
Firms increasingly host reporting channels for corporate clients under the EU Whistleblower Directive or Swiss internal-reporting policies. These channels require that the receiving party (the firm) cannot be compelled to expose the reporter's information beyond their own control. Zero-knowledge intake is a natural fit.
Cross-border matter intake
For matters involving EU, UK, or US parties, the form's infrastructure becomes part of the cross-border data story. Swiss hosting plus an adequacy decision with the EU plus zero-knowledge encryption simplifies the transfer analysis significantly — and removes US CLOUD Act exposure at the form-tool layer.
What Clients and Regulators Actually See
Two audiences matter beyond your internal team: clients and regulators. Both notice the difference between a generic form and a zero-knowledge intake.
| Perspective | Generic form tool | Schweizerform |
|---|---|---|
| Client filling intake | "My information is stored by [tool] — I don't know where or who can read it" | "The firm's form explicitly uses client-side encryption; only the firm can decrypt" |
| Opposing party discovery request | Data exists in readable form at the provider, potentially discoverable outside firm control | Data exists only as ciphertext outside the firm; discovery begins with the firm |
| Regulator or supervisory authority | Third-party readable copy complicates professional-secrecy analysis | No readable third-party copy exists; analysis is cleaner |
| Your own cyber-insurance underwriter | Typical SaaS risk profile — included in premium calculations | Materially reduced breach-impact profile for form data |
Features That Matter for Legal Practice
- End-to-end encryption on every form, every submission, every plan — not a paid upgrade
- Swiss hosting — data stays in Swiss data centres under Swiss professional-secrecy protections
- Encrypted file uploads up to 25 MB per file and 250 MB per submission — suitable for most intake document sets
- Localised client experience in English, German, French, and Italian — native, not translated labels
- Password-protected forms for channels where access control beyond the link is required
- Response caps and schedule windows for controlled intake periods
- Audit logging of administrator actions and submission access — documentation for the firm's internal governance
- No third-party trackers on public forms — the respondent's browser is not sending intake signals to analytics services
Common Objections — and Realistic Answers
"We already use a HIPAA-compliant / SOC 2 form tool"
HIPAA and SOC 2 are compliance frameworks that permit but do not require zero-knowledge encryption. A HIPAA-aligned tool can still read every submission. For legal practice, the relevant question is not "is it compliant with regulation X" but "can the tool operator access client information". If the answer is yes, professional secrecy analysis becomes harder to defend.
"Our intake form only captures names and email addresses"
That is sometimes true for initial contact forms, less often true for detailed intake. Even minimal information — "I'd like to consult about a divorce" or "I need advice on a regulatory breach" — reveals the existence of a sensitive engagement. Encryption is cheap; the alternative is context-dependent analysis every time a client provides more than their email.
"Encrypting everything makes the form slower / harder for clients"
In practice, clients do not notice. Encryption happens in the browser during submission, typically in well under a second. There is no additional step for the client, no software to install, and no password for them to remember. The experience is indistinguishable from a conventional form.
"What if we lose our Access Code?"
This is the honest trade-off of zero-knowledge architecture. Lost Access Codes cannot be recovered by the provider — that property is what gives the guarantees. We support a recovery-key flow: a second key you set up in advance and store separately (typically a printed copy in the firm's physical secure storage). Firms treat this the same way they treat any critical credential: formal procedure, multiple trusted custodians, regular review.
Getting Started at a Law Firm
Pilot with a single form
Most firms start with one form — new-client intake or a conflicts questionnaire. The free tier (1 form, 25 submissions/month) is enough to run the pilot end-to-end without procurement approval.
Document the processor relationship
Add Schweizerform to your processor register, record the Swiss hosting and zero-knowledge architecture. For EU-client matters, Swiss adequacy simplifies the transfer analysis compared to US-hosted tools.
Integrate with your intake workflow
Export decrypted submissions to your case-management system, or use them directly from the firm's browser. Audit logs record who accessed what, when.
Set retention to match your mandate
Intake data should not live forever. Use submission deletion to enforce your retention schedule. Because we hold no keys, deletion is cryptographically final.
Roll out across practice groups
Once the pilot proves out, paid plans lift the form and submission caps; all carry the same encryption and hosting.
The Bottom Line
Legal practice is not the same product category as marketing surveys. The information a client shares with their lawyer carries legal, ethical, and sometimes existential weight. A form tool that can read that information creates an avoidable weakness in a firm's confidentiality posture.
Schweizerform offers a direct solution: zero-knowledge end-to-end encryption on every form, Swiss hosting, and a posture designed around professional-secrecy expectations. No paid upgrade for security. No US cloud dependency for submission data. No readable third-party copy of client intake sitting on a server you cannot control.
Start with a single new-client intake form on the free tier. Swiss hosting, zero-knowledge encryption, and full EN / DE / FR / IT support — no credit card required.
Disclaimer: This page is general information and marketing content, not legal, regulatory, or professional-conduct advice. References to Swiss Art. 321, professional-secrecy rules, the EU Whistleblower Directive, attorney-client privilege, and related frameworks are summarised at a conceptual level and are subject to jurisdictional interpretation. Professional responsibility for client confidentiality remains with the firm. Consult a qualified legal-ethics or data-protection specialist in your jurisdiction before relying on any summary here for compliance or procurement decisions.