
6.4. PGP Email Encryption

You MUST use PGP if you are e-mailing sensitive data to yourself, such as credit card or social security numbers.  Regular e-mail is not a secure method for sending sensitive data and violates our terms of service.

PGP (Pretty Good Privacy) is a program for encrypting and decrypting email based on the OpenPGP standard.

PGP support is available in many popular email applications through 3rd-party PGP programs. Here are some of the free 3rd-party plugins available for widely used email applications:

If you can't find a plugin for your email program, you can use Gpg4win, a lightweight program for Microsoft Windows, by copying the encrypted email from any email client and pasting it into WinPT for decryption. A more complete list of free PGP programs for different clients can be found here and here. Commercial PGP programs can be purchased at PGP.com.

If you want to use PGP in a hurry or don't want to install additional software, the easiest thing to do is to set up a free email account at Hushmail.

To enable PGP for your form and upload your PGP public key:

  1. Click on the Settings tab for your form.
  2. Scroll down to Security.
  3. Copy and paste your public key into the Public PGP Key field.

If you do not see the PGP field, your account plan does not give you access to those features.
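A check worth running on the text before pasting it in step 3, as an added example (not FormSpring's or any PGP program's own code): it confirms the block is an intact ASCII-armored public key and not a private key or a truncated copy. The function names `check_public_key_block` and `armor` are hypothetical, and the sample bytes are constructed, not a real key.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PUBLIC") -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {kind} KEY BLOCK-----\n\n{body}\n={crc}\n"
            f"-----END PGP {kind} KEY BLOCK-----\n")

def check_public_key_block(text: str) -> str:
    """Return 'ok', or the reason the text should not go into the form field."""
    if "PRIVATE KEY BLOCK" in text:
        return "private key block: never upload this"
    m = re.search(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?(\n.*?)"
                  r"-----END PGP PUBLIC KEY BLOCK-----", text, re.S)
    if not m:
        return "armor BEGIN/END lines missing or cut off"
    # Optional armor headers (Version:, Comment:) end at the first blank line.
    _, blank, body = m.group(1).replace("\r", "").partition("\n\n")
    if not blank:
        return "no blank line after the armor headers"
    lines = body.split()
    try:
        data = base64.b64decode("".join(l for l in lines if l[0] != "="), validate=True)
        sums = [base64.b64decode(l[1:], validate=True) for l in lines if l[0] == "="]
    except ValueError:
        return "base64 body is damaged"
    if any(s != crc24(data).to_bytes(3, "big") for s in sums):
        return "checksum mismatch: block was altered or truncated"
    # First packet must be a public key (tag 6), in old or new header format.
    if not data or not data[0] & 0x80:
        return "not OpenPGP data"
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return "ok" if tag == 6 else "first packet is not a public key"

if __name__ == "__main__":
    print(check_public_key_block(armor(bytes([0x99, 0, 0x61]) + bytes(97))))  # constructed bytes
```

The check covers armor integrity and packet type only; it does not confirm that the key belongs to you.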

Notes: You do not need to enable PGP if you are not sending collected data to any email recipients, or are only sending a link to the saved data.

File attachments are not encrypted.

Alternative to Using PGP

Setting up PGP is a complicated process.  An easy alternative would be to just not e-mail sensitive data to yourself.  Instead, create a custom notification e-mail that includes all of the submitted data EXCEPT for the sensitive data such as credit card numbers.  Then, log into your FormSpring account to view this data when you receive submissions.
