What is the best practice when starting a workflow and sending sensitive data in the workflow.

How do we send it https?

How do we guarantee that it is stored in the database securely?

If we have to hash it prior to doing a start workflow action, any best practice on hashing it and then unencrypting it in the javascript function so that it is viewable to someone reviewing the data?