FormBackend logo
← Back to FormBackend

Features

Form settings and data retention

Control retention, accepted domains, spam behavior, and attachment safety

Open a form and select Settings to control how FormBackend stores and accepts submissions. Some settings depend on your plan.

Data retention

Set a retention period to automatically delete submissions after 7, 14, 30, 60, 90, 180, or 365 days. Choose Unlimited when submissions should remain until you delete them manually.

Retention is useful when your privacy policy or customer agreement requires submitted personal data to be removed on a predictable schedule.

Accepted domains

Use Whitelisted domains to accept submissions only from the website origins you specify. Enter the complete origin, such as https://www.example.com.

This is an additional abuse-control measure, not a replacement for CAPTCHA or server-side validation.

Spam detection and honeypots

FormBackend automatically evaluates submissions for spam. You can:

  • Disable automatic spam detection when another system owns that decision.
  • Change the honeypot field name from the default formbackend_nono.
  • Require ReCAPTCHA, hCaptcha, or Cloudflare Turnstile.

See Spam filtering for implementation examples.

Attachment safety

Enable Reject harmful attachments to block executable file types such as .exe, .bat, and .com. File uploads should still be limited with the HTML input’s accept attribute when you know which formats your workflow needs.

Destructive actions

The bottom of the Settings page contains actions to duplicate the form, delete every submission, or delete the form. These operations can affect a large amount of data, so export anything you need before proceeding.