Client-side encrypted forms for sensitive data
vaultform.com

While working on my company I was having to reach out to contractors and content creators for their SSN, address, and bank info. Since none of them used Signal or PGP email, and we weren't comfortable adding a form into our existing product to store sensitive data, there was always some back and forth on trying to get that data while avoiding email or text.
I was surprised that I couldn't find a solution to this in the wild, so I put VaultForm together to solve that problem for me. Then I took it a little further to make it client-side encrypted so the server can't know anything important. This way anyone filling out a form can be assured their private information is safely transmitted, can't be viewed or leaked by the service, and doesn't need to sign up for a new service to do so.
They could drop off their info into a web server, like nextcloud request. It’s end to end encrypted. What’s the issue?
Hey thanks for the question! The issue wasn't that it was impossible to capture the information securely, it was that there was a decent amount of user friction to do so. I envisioned forms to be the simplest way to capture structured data and built security around it.
By contrast, NextCloud's drop would entail emailing the user a set of attributes, asking them to create a document locally, then uploading. Adding to that, not every business would know how to, or want to, go through the process of setting up their own web server for this use case.
My thinking is that this private forms approach would be a better default compared to email or text, which is how many businesses are handling this data today.