Skip to content

Privacy & GDPR

Forms collect personal data, so OctaForms is built to handle it responsibly and to make GDPR compliance straightforward. This page covers what is stored, how, and the tools for honouring data requests.

When a form has a consent checkbox, OctaForms stores a snapshot with each submission: which field it was, the exact consent text the visitor saw, their answer, and when. This is what lets you prove, later, what someone actually agreed to, rather than just “a box was ticked”.

OctaForms needs some notion of “same source” for spam forensics, but it does not store raw IP addresses. The IP is kept only as a one-way hash. Its documented purpose is spam investigation, and it never leaves the site: it is not in webhooks, not in exports, not anywhere a person can read it back as an address.

OctaForms plugs into WordPress’s built-in Export Personal Data and Erase Personal Data tools. A request made through those tools covers both the submissions and their delivery records, so a person’s data is exported or removed completely, not just partly.

You can have submissions cleaned up automatically after a period, set globally and overridable per form. Deleting a submission cascades to its delivery records and any uploaded files, so nothing is left orphaned.

The spam quarantine always clears after 30 days, regardless of your retention settings.

Files uploaded through file fields are stored with random, unguessable names, in a directory protected from direct listing. OctaForms never publishes a direct URL to an uploaded file. You reach files through your notification email (as an attachment) or through the admin (a protected download).

When a submission is deleted, by you, by retention, or by an erase request, its files go with it. A background sweep also removes any files left orphaned.

You can export submissions to CSV from the admin. Two things make the export safe by default:

  • Data minimization. By default the export includes only received submissions. To include the spam quarantine you have to opt in explicitly, and doing so adds a status column so quarantined rows are clearly marked.
  • Formula-injection hardening. Cells are protected against CSV formula injection, so a malicious value in a field cannot execute when the file is opened in a spreadsheet.

Uninstalling the plugin can optionally remove all of its data. This is off unless you choose it, so uninstalling to troubleshoot does not wipe your submissions by surprise.