3 Things You Need to Know About Database Encryption

Written by Amy Jorgenson on December 23, 2013

Posted in Form Hacks

Database encryption is one of Formstack’s most powerful security features, and it’s a good way to protect your customers’ sensitive information. We get a lot of questions about this feature, and sometimes we encounter issues that we cannot fix because this feature is so secure. So we thought we would take a few minutes and share the three most important facts about database encryption:

1. The Who, What, When, Where, Why
We use the RSA algorithm for encryption and authentication, which is the most commonly used encryption method, with a 1024-bit cryptographic key to encrypt the data. Basically, it’s pretty dang safe.

You have to encrypt your database if you are collecting sensitive, identifying information such as social security numbers, passport numbers, bank account routing information, etc. This protects your end-users and covers your butt (… and ours).

You can enable database encryption under the Settings > Security tab of the form. To increase the strength of your password, include a combination of upper and lowercase letters, numbers, and special characters. You can turn off encryption at any time in the same spot as well.

2. The Lockdown
If you encrypt your database, NO ONE (including Formstack) can view your collected/saved data under the Submission tab without the password … ever.

So, don’t lose your password. If you do, you are doomed. If you lose your encryption password, there is no way for us to reset or recover the password to give you access to the collected data. This might sound negative, but it’s actually a really good thing if you think about it. It means your data is SO secure that there is no way for it to be accessed in any circumstance without the password. The bad news … if you do end up in this situation, the only way to reset the database is to completely wipe out the collected data and remove the password. This does not affect the actual form in any way, and you will regain access to the database after the encryption is cleared.
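
Why a lost password means lost data, as an added sketch that is not Formstack's own code: it assumes (the post does not describe the internals) that submissions are encrypted to an RSA public key and that the matching private key is kept only in password-encrypted form. The file names, the sample password and the sample submission are constructed.

```shell
#!/bin/sh
# Added illustration, not Formstack's implementation. Assumed design:
# the public key encrypts incoming submissions; the private key is
# stored only encrypted under the form owner's password.

BITS=2048   # the post cites 1024-bit keys; current NIST guidance requires at least 2048
PASSWORD='Constructed-Passw0rd!'          # constructed sample value
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# One-time setup when encryption is switched on for a form.
setup_keys() {
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$BITS" \
        -aes-256-cbc -pass "pass:$PASSWORD" \
        -out "$WORK/private.pem" 2>/dev/null &&
    openssl pkey -in "$WORK/private.pem" -passin "pass:$PASSWORD" \
        -pubout -out "$WORK/public.pem"
}

# Storing a submission needs only the public key, never the password.
store_submission() {    # $1 = field value, $2 = output file
    printf '%s' "$1" | openssl pkeyutl -encrypt -pubin \
        -inkey "$WORK/public.pem" -pkeyopt rsa_padding_mode:oaep -out "$2"
}

# Reading a submission needs the password to unlock the private key.
read_submission() {     # $1 = ciphertext file, $2 = password attempt
    openssl pkeyutl -decrypt -inkey "$WORK/private.pem" \
        -passin "pass:$2" -pkeyopt rsa_padding_mode:oaep -in "$1" 2>/dev/null
}

# Lost password: the only reset is to discard the keys and the stored data.
reset_encryption() {
    rm -f "$WORK/private.pem" "$WORK/public.pem" "$WORK"/*.bin
}

setup_keys
store_submission 'SSN 000-00-0000 (constructed)' "$WORK/sub1.bin"
read_submission "$WORK/sub1.bin" "$PASSWORD"; echo
read_submission "$WORK/sub1.bin" 'wrong-guess' || echo 'no password, no data'
```

The stored file on disk is ciphertext only, so whoever holds the database but not the password has nothing to search, chart or recover.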

3. Some Basic Things You Can and Can’t Do With Your Data When Encryption is Enabled

CAN:
Pass data to 3rd party integrations
Create a share link to share data with others (they will need the password to access it)
Create reports

CAN’T:
Quick Search (since we can’t access the data, we can’t search it)
Create charts
Recover data when you lose your password
Pre-Populate a sequential form
Send all submitted data in Notification Email
Re-run integrations

Do you have any additional questions about database encryption? Let us know in the comments below! We’ll be happy to answer them.