Hi,
Thanks in advance.
I’m developing a set of forms with quite complex logic that redirects across multiple different forms (e.g. 20+). Users will be submitting personal and sensitive information.
Typeform is one part of our app stack, with the others being a separate front-end and back-end which receives webhook payloads.
I’ve been using hidden variables like first_name, last_name and DOB from the first typeform attached to the redirecting urls but am concerned about the security / vulnerability of this. These hidden variables allows users to be tracked and data linked across multiple forms and via webhooks (so that users are not mixed up on our end).
My question is about optimising encryption and security, given that these identifying variables are in urls. Typeform says data are encrypted ‘in-transit’ but I assume this does not apply to these urls?
Is there anyway I can encrypt, then decrypt these variables in transit between forms or without them being ‘public’? Or creating some kind of unique user identifying number?
I’ve read some responses about cookies but am not familiar with how this could be used as a solution - if you have any hints or pointers for this, that would be amazing.
I basically need to track users across multiple forms (which I currently do with hidden variables but could change) based on sensitive info like name dob, email and potentially address in a way that is low-risk from a security and encryption perspective.
Make sense?
Thanks,
James
Best answer by mathio
View original
