Classification
Classification is your organization’s vocabulary for how sensitive a piece of information is. You define the levels once; the rest of the product attaches them to forms, documents, and responses so that handling rules can be applied consistently.
Configuration lives under Settings → Governance → Classifications and requires the classification manage permission.
Why classify
You’re classifying so that:
- People filling in forms know what kind of information they’re dealing with.
- Reviewers can filter and prioritize by sensitivity.
- Downstream handling rules (retention, sharing, export) can be tied to a level rather than applied case-by-case.
- Compliance reviews have a clean answer to “how do you categorize sensitive data?”.
If you don’t define levels yourself, the system provides a sensible default set you can start with.
What a level is
A classification level has these pieces:
| Field | What it does |
|---|---|
| Label | The short, human name (for example “Confidential”, “Public”, “Restricted”). Shown anywhere a level is displayed. |
| Description | One or two sentences describing what falls into this level. Helps your team apply it consistently. |
| Rank | A number that orders levels from least to most sensitive. Used for filtering and for the “this is at least Confidential” style of rule. |
| Severity | A handling severity tag (for example low, moderate, high, critical). Drives visual emphasis and downstream policy hooks. |
| Handling rules | Free-form notes on how this level should be handled (retention, distribution, access). Encrypted at rest. |
| Default | Whether this level is applied automatically when the user doesn’t pick one. |
| Required | Whether the level must be set on objects that support it (rather than left blank). |
A typical set
A starter taxonomy that works for many organizations:
| Label | Rank | Severity | When to use |
|---|---|---|---|
| Public | 1 | low | Information that may be shared freely outside the organization. |
| Internal | 2 | moderate | Day-to-day organization material. Default for most forms. |
| Confidential | 3 | high | Sensitive material requiring restricted access (HR, finance, legal). |
| Restricted | 4 | critical | Material requiring tightly controlled handling — typically named recipients only. |
You’re not obliged to use these. Many regulated industries have their own taxonomies that should map directly: define your levels to mirror them.
Creating and editing levels
- Open Settings → Governance → Classifications.
- Click New level (or pick an existing level to edit).
- Fill in label, description, rank, severity.
- Add handling rules — what people should and shouldn’t do with content at this level.
- Decide whether it’s the default or required.
- Save. The change is audited.
Editing a level updates the definition for everywhere it’s referenced. If you change a label, existing tagged content immediately reflects the new label.
Archiving a level
You can’t delete a level once it’s been used (because doing so would orphan tagged content), but you can archive it. An archived level:
- Stops appearing as an option for new tagging.
- Remains visible on content that was already tagged with it.
- Can be unarchived later.
Use archiving when you want to retire a deprecated level cleanly without rewriting history.
Where classification shows up
Levels you define flow into other parts of the product:
- Forms. When publishing a form template, you can pick a classification level for the form and for individual fields within it. The level becomes part of the response evidence.
- Documents and artifacts. Files uploaded into the workspace can be tagged.
- Public sessions. Sessions sent to external participants can carry a classification, which affects how the session is presented and what handling notes are surfaced.
Classification today is descriptive and evidence-bearing: it labels content and is captured in the audit trail. Automated enforcement of handling rules (preventing exports of Restricted content, forcing retention on Confidential, etc.) is on the roadmap. For now, the levels are how you make the policy visible; enforcement is a manual process backed by audit.
Cloud vs Sovereign
The classification model is the same in both deployments. Each organization defines its own levels; they are not shared across organizations.
In Sovereign, classification definitions are encrypted under the organization’s keyring like the rest of the organization’s sensitive data — including the handling-rules text, which often contains organization-specific procedures you don’t want leaked.
What’s not included yet
- Automated policy enforcement. Levels are labels and evidence today. Rules like “Restricted content cannot be downloaded by Auditors” are not built in.
- Inheritance. A field within a form does not automatically inherit the form’s classification; you set both.
- Cross-organization sharing of a canonical taxonomy. Each organization maintains its own set.
- Visual marking on rendered PDFs and document exports. Display in the UI is supported; baked-in watermarks on exported artifacts are deferred.
Related
- Roles & Permissions — who can manage levels (admins, by default).
- Audit Log — every level change and every tagging action is recorded.