Skip to main content

Field Encryption

Hush Line encrypts message fields individually so you can decide what should stay readable for triage and what should require your PGP workflow.

Why field-level encryption exists

Not every recipient needs the same review workflow. Some people need to sort or filter incoming submissions without exposing the actual tip contents.

A common example is an investigator, reporter, or legal team reviewing deposits about multiple organizations. They might leave a Company Name field unencrypted so they can quickly separate tips about Meta from tips about Google without exposing the message body, names, evidence, or contact details.

That is the core reason unencrypted fields exist in Hush Line: they support limited routing and triage while keeping the sensitive part of the report encrypted.

What an unencrypted field means

An unencrypted field is readable in the app without decryption. It is also visible to the hosting environment that stores the submission.

Use unencrypted fields only for low-sensitivity routing information such as:

  • company name
  • topic or beat
  • region
  • case type
  • whether the sender wants a reply

What an encrypted field means

An encrypted field is stored as ciphertext until you decrypt it with your PGP workflow.

Use encrypted fields for anything that could identify a source or reveal the substance of the report, such as:

  • the main message body
  • names of people involved
  • contact details
  • evidence descriptions
  • internal document excerpts

A practical model for custom fields

A good default setup is:

  • leave one or two routing fields unencrypted only if you truly need them for sorting or filtering
  • keep the main message field encrypted
  • keep contact and follow-up fields encrypted
  • if you are unsure whether a field should stay readable, encrypt it

One example might look like this:

  • Company Name: unencrypted
  • Message: encrypted
  • Contact Method: encrypted
  • Supporting Details: encrypted

The tradeoff

Unencrypted fields improve speed when reviewing incoming deposits, but they reduce confidentiality for those specific values. Encrypted fields preserve stronger confidentiality, but they require a decryption step before you can read them.

Choose the smallest amount of unencrypted information that still supports your workflow.