PGP Email Encryption

Enabling PGP encrypts the Notification Email that Formstack sends. You must have the key to decrypt the message. You MUST use PGP if you are emailing sensitive data to yourself. For more information about whether the data you are sending is considered sensitive, check out our Sensitive Data Help Guide here. Regular email is not a secure method for sending sensitive data, and using it for that purpose violates our terms of service.

PGP (Pretty Good Privacy) is a program for encrypting and decrypting email based on the OpenPGP standard.

PGP support is available in many popular email applications through 3rd-party PGP programs. Here are some of the free 3rd-party plugins available for widely used email applications:

Also, here is a list of some additional PGP applications that you can explore.

If you can't find a plugin for your email program, you can use Gpg4win, a light-weight program for Microsoft Windows, by copying the encrypted email from any email client and pasting it into WinPT for decryption. A more complete list of free PGP programs for different clients can be found here and here. Commercial PGP programs can be purchased at 

Setting up PGP is a complicated process. If you want to use PGP in a hurry or don't want to mess with installing additional software, the easiest thing to do is to set up a free email account at Hushmail and set your notification emails to be sent to that email address. Hushmail will automatically generate a public PGP key for you within your account. Click here for instructions on how to generate and export your public key.  

To enable PGP on your form and upload your PGP public key, go to the Settings > Security tab of your form and click "Add your PGP public key".


If you do not see the PGP field in your Security Settings, your account plan does not give you access to those features. You can upgrade under the My Account > Billing > Form Plans tab.

After clicking on "Add your PGP public key", a pop-up will display for you to add your PGP key. Make sure you save. You can change or remove this at any time.
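Before pasting a key into that pop-up, it is worth confirming that the text is an intact public key block and not the private key. The following is an added example, not Formstack's code: it checks the ASCII armor, the optional CRC-24 checksum, and the first OpenPGP packet tag. The function names and the sample packets are assumptions constructed for illustration.

```python
import base64
import binascii

def crc24(data: bytes) -> int:
    crc = 0xB704CE  # CRC-24 of OpenPGP ASCII armor (RFC 4880, section 6.1)
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, payload: bytes) -> str:
    """Build an armored block; used here only to construct sample input."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *rows,
                      "=" + check, f"-----END PGP {kind}-----"])

def check_key_block(text: str) -> str:
    """Return "ok", or the reason the text should not be pasted as a public key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP "):
        return "not an ASCII-armored PGP block"
    if "PRIVATE KEY" in lines[0]:
        return "private key block: keep this secret, do not upload it"
    if (lines[0] != "-----BEGIN PGP PUBLIC KEY BLOCK-----"
            or lines[-1] != "-----END PGP PUBLIC KEY BLOCK-----"):
        return "not a complete public key block"
    # Armor headers ("Version:" etc.) end at the first blank line; "=XXXX" is optional.
    start = lines.index("") + 1 if "" in lines else 1
    body = lines[start:-1]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        want = base64.b64decode(crc_line[1:], validate=True) if crc_line else None
    except binascii.Error:
        return "corrupted base64 (truncated or re-wrapped paste)"
    if want is not None and crc24(data).to_bytes(3, "big") != want:
        return "checksum mismatch: block was altered during copy/paste"
    if not data or not data[0] & 0x80:
        return "no OpenPGP packet inside the armor"
    # Packet tag 6 = public key, 5 = secret key (RFC 4880, section 4.3).
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return "ok" if tag == 6 else f"unexpected first packet tag {tag}"

SAMPLE_PUBLIC = bytes([0x99, 0x00, 0x06]) + b"sample"  # constructed, not a real key (tag 6)
SAMPLE_SECRET = bytes([0x95, 0x00, 0x06]) + b"sample"  # constructed, not a real key (tag 5)
```

This only checks the container and packet type; it does not validate the key material itself.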


Notes: You do not need to enable PGP if you are not sending collected data to any email recipients, or are only sending a link to the saved data. Also, file attachments are not encrypted, so you may want to EXCLUDE the files from the Notification Email if they are sensitive as well.

Alternative to Using PGP

An easy alternative would be to just not email sensitive data to yourself. Instead, create a custom Notification Email that includes all of the submitted data EXCEPT for the sensitive data such as social security numbers. Then, log into your Formstack account to view this data when you receive submissions.

