Privacy & GDPR
Forms collect personal data, so OctaForms is built to handle it responsibly and to make GDPR compliance straightforward. This page covers what is stored, how, and the tools for honouring data requests.
Consent snapshots
Section titled “Consent snapshots”When a form has a consent checkbox, OctaForms stores a snapshot with each submission: which field it was, the exact consent text the visitor saw, their answer, and when. This is what lets you prove, later, what someone actually agreed to, rather than just “a box was ticked”.
IP addresses are hashed
Section titled “IP addresses are hashed”OctaForms needs some notion of “same source” for spam forensics, but it does not store raw IP addresses. The IP is kept only as a one-way hash. Its documented purpose is spam investigation, and it never leaves the site: it is not in webhooks, not in exports, not anywhere a person can read it back as an address.
Export and erase
Section titled “Export and erase”OctaForms plugs into WordPress’s built-in Export Personal Data and Erase Personal Data tools. A request made through those tools covers both the submissions and their delivery records, so a person’s data is exported or removed completely, not just partly.
Retention
Section titled “Retention”You can have submissions cleaned up automatically after a period, set globally and overridable per form. Deleting a submission cascades to its delivery records and any uploaded files, so nothing is left orphaned.
The spam quarantine always clears after 30 days, regardless of your retention settings.
Uploaded files stay private
Section titled “Uploaded files stay private”Files uploaded through file fields are stored with random, unguessable names, in a directory protected from direct listing. OctaForms never publishes a direct URL to an uploaded file. You reach files through your notification email (as an attachment) or through the admin (a protected download).
When a submission is deleted, by you, by retention, or by an erase request, its files go with it. A background sweep also removes any files left orphaned.
CSV export, safely
Section titled “CSV export, safely”You can export submissions to CSV from the admin. Two things make the export safe by default:
- Data minimization. By default the export includes only received submissions. To include the spam quarantine you have to opt in explicitly, and doing so adds a status column so quarantined rows are clearly marked.
- Formula-injection hardening. Cells are protected against CSV formula injection, so a malicious value in a field cannot execute when the file is opened in a spreadsheet.
Removal on uninstall
Section titled “Removal on uninstall”Uninstalling the plugin can optionally remove all of its data. This is off unless you choose it, so uninstalling to troubleshoot does not wipe your submissions by surprise.