Zero Knowledge Forms — Not Even We Can Read Your Data

Submissions are encrypted before they touch the network. We are not in the chain of custody.


What Is Zero Knowledge?

In everyday terms, “zero knowledge” here means the service never receives the secret required to read your data. Your browser generates a public key (shareable) and a private key (never uploaded). Respondents' answers are encrypted to your public key; only someone with the private key can decrypt.

That is different from “we encrypt your data.” Many products encrypt at rest on their servers—but they still hold the keys, so they can decrypt for export, search, or legal process. With Cyphorm, the ciphertext that lands in our database is useless without your key.

You can verify the model yourself: below is the same illustration we show on the homepage—what a database row actually looks like when the provider truly cannot read submissions.

How It’s Different From “Encrypted” Forms

| Approach | Can the provider read submissions? | Typical notes |
| --- | --- | --- |
| Google Forms | Yes—data is protected in transit, but Google operates the application and storage. | Great for convenience; not a confidentiality boundary against the host. |
| Jotform encrypted forms (password-based) | Often yes in practice—the product can participate in decrypting when the shared password model is used. | Feature-rich; encryption model differs from browser-only private keys. |
| HIPAA “encrypted at rest” form builders | Often yes—the vendor usually holds keys for operations. | Compliance framing; still not the same as true zero-knowledge to the vendor. |
| Cyphorm | No—we store ciphertext and never receive your private key. | Web Crypto RSA in the browser; subpoena to us yields opaque blobs. |

The point is simple: “encrypted” is not the same as “private from the vendor.” If they can decrypt, the architecture is different from Cyphorm’s.

The Ciphertext Demo

The row below is representative of what we persist—no plaintext fields.

① What the respondent sees

Job Application
🔒 End-to-End Encrypted by Cyphorm™

Before the data leaves the browser, JavaScript encrypts it using the form owner's public key. The plaintext never touches the network.

② What Cyphorm™'s database stores

-- encrypted_responses table
encrypted_payload: 7GpLmX3kR9wQzN1vBs8TdYeKfJhCnOuA4iW6xP2yVqEaImZ0bHlcDgRtMFsUjp+kL9XnQ3YwCzA1vBe8TdKfJhOpNm7GsLrX4iW2xPqEaZ0bHlcVgRtM...
encrypted_key: X9mKpL3rQzN7vBs1TdYeGfJhCnOuA4iW6xP2yVqEaImZ0bHlcDg...
iv: aBcDeFgHiJkL==
submitted_at: 2026-03-22 15:04:12

This is the literal content of the database row. There is no name, no email, no cover letter — only ciphertext that is mathematically meaningless without the private key.
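
A sketch of how a row with these three columns can be produced in the respondent's browser and read back by the form owner with the Web Crypto API. It is an added illustration, not Cyphorm's own code. The algorithm choices (RSA-OAEP with SHA-256 wrapping a per-submission AES-256-GCM key), the function names and the sample submission are assumptions; the page states only that Web Crypto RSA is used in the browser.

```javascript
// Added illustration, not Cyphorm's code. Assumed algorithms: RSA-OAEP (SHA-256)
// wrapping a per-submission AES-256-GCM key; all function names are hypothetical.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const OAEP = { name: "RSA-OAEP" };

// Form owner: the key pair is generated locally; only publicKey is shared.
async function generateOwnerKeys() {
  return wc.subtle.generateKey(
    { ...OAEP, hash: "SHA-256", modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]) },
    false, // the private key is non-extractable in this sketch
    ["encrypt", "decrypt"]);
}

// Respondent's browser: fresh AES key and IV per submission, AES key wrapped with RSA.
async function encryptSubmission(publicKey, answers) {
  const aesKey = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const plaintext = new TextEncoder().encode(JSON.stringify(answers));
  const payload = await wc.subtle.encrypt({ name: "AES-GCM", iv }, aesKey, plaintext);
  const rawKey = await wc.subtle.exportKey("raw", aesKey);
  const wrapped = await wc.subtle.encrypt(OAEP, publicKey, rawKey);
  // Only these three values (plus a timestamp) would be sent to the server.
  return { encrypted_payload: b64(payload), encrypted_key: b64(wrapped), iv: b64(iv) };
}

// Form owner's browser: unwrap the AES key with the private key, then decrypt.
async function decryptSubmission(privateKey, row) {
  const rawKey = await wc.subtle.decrypt(OAEP, privateKey, unb64(row.encrypted_key));
  const aesKey = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["decrypt"]);
  const plaintext = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: unb64(row.iv) }, aesKey, unb64(row.encrypted_payload));
  return JSON.parse(new TextDecoder().decode(plaintext));
}

// Constructed sample submission: returns the stored row and the owner's decrypted view.
async function demo() {
  const owner = await generateOwnerKeys();
  const answers = { name: "Alice Example", role: "Analyst" }; // constructed data
  const row = await encryptSubmission(owner.publicKey, answers);
  return { row, decrypted: await decryptSubmission(owner.privateKey, row) };
}
```

Because AES-GCM is authenticated, a row whose payload or IV has been modified in storage fails to decrypt instead of yielding altered plaintext.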

③ Why we can't read it — ever

Your password
Stored as a one-way bcrypt hash. We cannot reverse it. Even if we wanted to, we don't know what you typed.
Your private key
Never sent to our servers. It lives only in your browser's storage, wrapped with a key derived from your password.
The encrypted data
Decryptable only with the private key, which only you have. A court order against us yields nothing readable.
The chain of custody
Password → derives key → unlocks private key → decrypts data. We are not in this chain at any step.

This isn't a privacy policy promise. It's a mathematical guarantee enforced by your browser.

Use Cases

Zero-knowledge architecture matters most when trust boundaries are strict:

Pricing

Zero-knowledge encryption is included on every tier, including Free.

| Plan | Price | Highlights |
| --- | --- | --- |
| Free | $0/mo | 3 active forms, 100 responses per form, 60-day retention, full E2E encryption |
| Pro | $12/mo | Unlimited forms, 1,000 responses per form, 180-day retention, branding removal, notifications |
| Business | $29/mo | 5,000 responses per form, 365-day retention, audit logs |


Questions We Hear Often

Can Cyphorm read my form submissions?
No. It is a consequence of the design—not a policy promise.
What if I lose my private key?
Back it up (QR sheet or password manager). Without it, decryption is impossible.
Is Cyphorm HIPAA compliant?
We architect so we cannot access submission contents; your compliance posture still depends on BAA, workflow, and legal review.
How does this differ from Jotform’s encrypted forms?
Password-centric flows often give the provider a path to help recover or process data. Our private key never leaves your browser.