Features
Form settings and data retention
Control retention, accepted domains, spam behavior, and attachment safety
Open a form and select Settings to control how FormBackend stores and accepts submissions. Some settings depend on your plan.
Data retention
Set a retention period to automatically delete submissions after 7, 14, 30, 60, 90, 180, or 365 days. Choose Unlimited when submissions should remain until you delete them manually.
Retention is useful when your privacy policy or customer agreement requires submitted personal data to be removed on a predictable schedule.
Accepted domains
Use Whitelisted domains to accept submissions only from the website origins you specify. Enter the complete origin, such as https://www.example.com.
This is an additional abuse-control measure, not a replacement for CAPTCHA or server-side validation.
Spam detection and honeypots
FormBackend automatically evaluates submissions for spam. You can:
- Disable automatic spam detection when another system owns that decision.
- Change the honeypot field name from the default
formbackend_nono. - Require ReCAPTCHA, hCaptcha, or Cloudflare Turnstile.
See Spam filtering for implementation examples.
Attachment safety
Enable Reject harmful attachments to block executable file types such as .exe, .bat, and .com. File uploads should still be limited with the HTML input’s accept attribute when you know which formats your workflow needs.
Destructive actions
The bottom of the Settings page contains actions to duplicate the form, delete every submission, or delete the form. These operations can affect a large amount of data, so export anything you need before proceeding.