One of the main reasons to have a contact form on the website is to protect the website from cyber security threats such as spam messages and bots. But there are other risks. Handling sensitive information online increases the risk of cybercrime, business espionage and unwanted AI data collection for machine learning. Secure contact forms are essential to protect sensitive data under GDPR.

Did you know that most website contact forms are in practice sent as completely unprotected e-mail messages to the recipient, regardless of whether the traffic between the browser and the web server is encrypted?
The path from the form to the final recipient is often long and insecure:
- the visitor fills in the contact form
- the web browser caches the form content and sends it in clear text to the web server; the transport also takes place in clear text unless the traffic is encrypted (HTTPS)
- the web server receives the content and logs the request with its entire content in clear text
- the web server creates an email message that, in addition to the form content, also contains metadata about everything from the sender’s IP address to the time and other things that are considered “important”
- the message is sent via the web server’s email service, which logs everything in clear text
- the email message can now jump between several email servers before it reaches the final destination, sometimes but not always in encrypted channels, all the time with new metadata and the entire content logged in clear text at each hop
- the end recipient receives the message in their email box where it is stored in clear text together with all the metadata the message collected along the way
Slightly simplified, you can say that the process is equivalent to sending sensitive information halfway around the world on a postcard.
Secure contact forms should therefore always use end-to-end encryption (E2EE) and encrypted transmission at all stages to protect the content when it is transmitted over the internet. Encryption ensures that the content is coded and unreadable to anyone who tries to intercept it. This means that even if someone manages to steal the content, they will still not be able to read it.
But the form message also needs to be anonymized by stripping away all unnecessary metadata that is in itself sensitive information. Making it more difficult to track the person who sent the form content protects the sender against profiling in particular, and the recipient against both profiling and business espionage.
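The metadata trail described above can be checked on a received message. The following is an added example, not ANON::form's code: it audits a constructed contact-form e-mail for headers that reveal the sender and for hops that did not use TLS, then rebuilds the message with an allowlist. The sample message, the `KEEP` allowlist and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed sample (documentation hostnames/IPs): a form e-mail after two hops.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.7])
\tby mail.example.org with ESMTPS id B2; Tue, 02 Jan 2024 10:00:05 +0000
Received: from web01.example.com (web01.example.com [192.0.2.10])
\tby mx1.example.net with ESMTP id A1; Tue, 02 Jan 2024 10:00:02 +0000
X-Originating-IP: 203.0.113.45
X-Mailer: ExampleFormMailer 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64)
From: form@example.com
To: hr@example.org
Subject: Contact form
Date: Tue, 02 Jan 2024 10:00:01 +0000

I am calling in sick today.
"""

KEEP = ("From", "To", "Subject")  # assumed allowlist; everything else is dropped

def audit(raw):
    """Return (header names outside the allowlist, Received hops without TLS)."""
    msg = message_from_string(raw)
    exposed = sorted({k.lower() for k in msg.keys()} - {k.lower() for k in KEEP})
    plaintext_hops = []
    for hop in msg.get_all("Received", []):
        words = hop.split()
        proto = words[words.index("with") + 1] if "with" in words[:-1] else "unknown"
        # RFC 3848: ESMTPS / ESMTPSA mean the hop was secured with STARTTLS
        if not proto.upper().startswith("ESMTPS"):
            plaintext_hops.append(" ".join(hop.split(";")[0].split()))
    return exposed, plaintext_hops

def strip_metadata(raw):
    """Rebuild the message with only the allowlisted headers and the body."""
    msg = message_from_string(raw)
    clean = EmailMessage()
    for name in KEEP:
        if msg[name]:
            clean[name] = msg[name]
    clean.set_content(msg.get_payload())
    return clean

if __name__ == "__main__":
    exposed, hops = audit(SAMPLE)
    print("metadata headers:", exposed)
    print("hops without TLS:", hops)
    print(strip_metadata(SAMPLE))
```

Every mail server the stripped message passes afterwards adds its own `Received` line, and the body is still readable at each hop, so header stripping only helps in combination with encrypting the content.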
Secure and anonymized contact forms also help to enforce GDPR because the recipient can receive information via the contact form that turns out to be sensitive according to GDPR. A not entirely uncommon real-life example is an employee calling in sick via the contact form.
By both encrypting and anonymizing the content of a contact form, you create secure communication where even nosy AI data collectors, such as your own email provider, cannot access the information.
ANON::form offers a unique and easy-to-use solution as a first point of contact for website visitors, at a very affordable price.
In short, ANON::form is a secure and anonymized contact channel where the contact seeker fills in a simple form which is then sent encrypted in a secure way via email to the recipient where the message is decrypted.
The service uses strong end-to-end encryption (E2EE) where the form data is encrypted already in the browser without leaving any traces behind. It is then forwarded without sensitive metadata via specially built servers to an email client that can decrypt the message.
The message cannot be tracked or read by anyone other than the recipient.
ANON::form offers standard forms and secure transport. We recommend Proton secure email as a recipient, but our forms work with all email services and clients that support PGP encryption, such as Mozilla Thunderbird. Read more about the email services and clients we have tested with our forms.
Our standard e-forms meet the accessibility requirements according to EN 301 549 and WCAG 2.1 AA and are spam protected with CAPTCHA. All standard forms have extensive language support and support an attachment; read more here. On our demo page you will find links to all our ready-made standard forms.
Do this to create your new contact form:
- Create a free Proton account (or buy a subscription if you want to receive reports in e.g. Outlook). Read more about how to create a free account at Proton
- Buy a suitable subscription
- Add easy-to-find links to your standalone contact form on your website or embed the contact form with our free JavaScript library or plugin for WordPress or Joomla
HINT! Create a QR code with a link to your contact form and distribute it so that new contacts can find the form. There are plenty of free options; we recommend QR.io as a simple and fast service.